From d610e0bf010cc6e6f82b412ecd64ac37dc102adc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuli=20Sillanp=C3=A4=C3=A4?=
 <samuli.sillanpaa@helsinki.fi>
Date: Tue, 26 Apr 2016 15:05:25 +0300
Subject: [PATCH] Use last view option from session only when valid.

---
 module/VuFind/src/VuFind/Search/Base/Params.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/module/VuFind/src/VuFind/Search/Base/Params.php b/module/VuFind/src/VuFind/Search/Base/Params.php
index 1fb493b4761..f3e1ae91e19 100644
--- a/module/VuFind/src/VuFind/Search/Base/Params.php
+++ b/module/VuFind/src/VuFind/Search/Base/Params.php
@@ -512,14 +512,16 @@ class Params implements ServiceLocatorAwareInterface
     {
         // Check for a view parameter in the url.
         $view = $request->get('view');
-        $validViews = $this->getOptions()->getViewOptions();
+        $validViews = array_keys($this->getOptions()->getViewOptions());
         if ($view == 'rss') {
             // RSS is a special case that does not require config validation
             $this->setView('rss');
-        } else if (!empty($view) && in_array($view, array_keys($validViews))) {
+        } else if (!empty($view) && in_array($view, $validViews)) {
             // make sure the url parameter is a valid view
             $this->setView($view);
-        } else if (!empty($this->lastView)) {
+        } else if (!empty($this->lastView)
+            && in_array($this->lastView, $validViews)
+        ) {
             // if there is nothing in the URL, see if we had a previous value
             // injected based on session information.
             $this->setView($this->lastView);
-- 
GitLab