# HG changeset patch
# User Ralf Schlatterbeck <rsc@runtux.com>
# Date 1570538249 -7200
# Node ID fe96015445e9218df41c65178244ebe187957e5b
# Parent  d3447888c690d1f119d05b44dcaa1d18e4e1fee0
Reorder html entities generated by submit button

issue2551065: This allows styles to be applied. Thanks to Garth Jensen
for the patch against release 1.6

diff -r d3447888c690 -r fe96015445e9 CHANGES.txt
--- a/CHANGES.txt	Tue Oct 08 07:07:01 2019 -0400
+++ b/CHANGES.txt	Tue Oct 08 14:37:29 2019 +0200
@@ -99,6 +99,10 @@
   endpoints. (John Rouillard)
 - issue2551062: roundup-admin security now validates all properties in
   permissions. It reports invalid properties. (John Rouillard)
+- issue2551065: Reorder html entities generated by submit button so that
+  styles can be applied. Thanks to Garth Jensen for the patch against
+  release 1.6 that was ported to upcoming 2.0 release (Ralf
+  Schlatterbeck).
 
 Fixed:
 
diff -r d3447888c690 -r fe96015445e9 doc/acknowledgements.txt
--- a/doc/acknowledgements.txt	Tue Oct 08 07:07:01 2019 -0400
+++ b/doc/acknowledgements.txt	Tue Oct 08 14:37:29 2019 +0200
@@ -10,6 +10,10 @@
 
 .. _`Announcement with changelog for current release.`: announcement.html
 
+2.X
+---
+
+Garth Jensen
 
 1.6
 ---
diff -r d3447888c690 -r fe96015445e9 roundup/cgi/templating.py
--- a/roundup/cgi/templating.py	Tue Oct 08 07:07:01 2019 -0400
+++ b/roundup/cgi/templating.py	Tue Oct 08 14:37:29 2019 +0200
@@ -776,12 +776,14 @@
         if not self.is_edit_ok():
             return ''
 
-        return self.input(type="hidden", name="@csrf",
-                          value=anti_csrf_nonce(self._client)) + \
+        return \
+            self.input(type="submit", name="submit_button",
+                              value=self._(label)) + \
             '\n' + \
-            self.input(type="hidden", name="@action", value=action) + \
+            self.input(type="hidden", name="@csrf",
+                              value=anti_csrf_nonce(self._client)) + \
             '\n' + \
-            self.input(type="submit", name="submit_button", value=self._(label))
+            self.input(type="hidden", name="@action", value=action)
 
     def history(self):
         if not self.is_view_ok():
@@ -916,16 +918,17 @@
 
         Also sneak in the lastactivity and action hidden elements.
         """
-        return self.input(type="hidden", name="@lastactivity",
-            value=self.activity.local(0)) + \
+        return \
+            self.input(type="submit", name="submit_button",
+                       value=self._(label)) + \
+            '\n' + \
+            self.input(type="hidden", name="@lastactivity",
+                       value=self.activity.local(0)) + \
             '\n' + \
             self.input(type="hidden", name="@csrf",
                        value=anti_csrf_nonce(self._client)) + \
             '\n' + \
-            self.input(type="hidden", name="@action", value=action) + \
-            '\n' + \
-            self.input(type="submit", name="submit_button",
-                       value=self._(label))
+            self.input(type="hidden", name="@action", value=action)
 
     def journal(self, direction='descending'):
         """ Return a list of HTMLJournalEntry instances.