From b3aaf668504edcc9b869559899d3aa76878d870a Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Mon, 2 Mar 2015 14:53:51 -0500
Subject: [PATCH] More secure saved search ownership verification.

---
 module/VuFind/src/VuFind/Controller/AbstractSearch.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/module/VuFind/src/VuFind/Controller/AbstractSearch.php b/module/VuFind/src/VuFind/Controller/AbstractSearch.php
index d945ec6cbda..73f71915577 100644
--- a/module/VuFind/src/VuFind/Controller/AbstractSearch.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractSearch.php
@@ -142,7 +142,7 @@ class AbstractSearch extends AbstractBase
         $sessId = $this->getServiceLocator()->get('VuFind\SessionManager')->getId();
         $user = $this->getUser();
         $userId = $user ? $user->id : false;
-        if ($search->session_id == $sessId || $search->user_id == $userId) {
+        if ($search->session_id == $sessId || $search->user_id === $userId) {
             // They do, deminify it to a new object.
             $minSO = $search->getSearchObject();
             $savedSearch = $minSO->deminify($this->getResultsManager());
-- 
GitLab