Print view uses the SilverStripe templating to render values which means that
values are safely escaped by default. This can be tested by chaing `$CellString`
to `$CellString.RAW` in the GridField_print.ss template to see this escaping
being disabled.
This pull request removes double escaping of HTML in strings.
This fixes a bug where the installer redirects to home/ ('home' as the domain) as the url as opposed to localhost/home.
To reproduce:
* Use chrome (untested in other browsers)
* composer create project silverstripe/installer
* Run through the installer
Expected:
* Silverstripe installs and it takes you to the success page
Actual:
* SilverStripe installs and takes you to a different domain (ie. 'http://home')
The problem seems to be, any URL starting with `//` (two slashes) is normalised by the browser to an absolute URL by removing both slashes meaning `//home` becomes just `home` (as in http://home)
Fixes regression from 3.x, where sessions where lazy started as required:
Either because an existing session identifier was sent through with the request,
or because new session data needed to be persisted as part of the request execution.
Without this lazy starting, *every* request will get a session,
which makes all those responses uncacheable by HTTP layers.
Note that 4.x also changed the $data vs. $changedData payloads:
In 3.x, they both contained key/value pairs.
In 4.x, $data contains key/value, while $changedData contains key/boolean to declare isChanged.
While this reduces duplication in the class, it also surfaced a bug which was latent in 3.x:
When an existing session is lazily resumed via start(), $data is set back to an empty array.
In 3.x, any changed data before this point was *also* retained in $changedData,
ensuring it gets merged into existing $_SESSION data.
In 4.x, this clears out data - hence the need for a more complex merge logic.
Since isset($this->data) is no longer an accurate indicator of a started session,
we introduce a separate $this->started flag.
Note that I've chosen not to make lazy an opt-in (e.g. via start($request, $lazy=false)).
We already have a distinction between lazy starting via init(), and force starting via start().
