Added FabrikWorker::isViewType(), as a sanity check for things like the

content plugin to call before including view files using (potentially)
user supplied strings in the path.

components/com_fabrik/helpers/parent.php

@@ -84,7 +84,35 @@ class FabrikWorker
 	 * @var  array
 	 */
 	static protected $doc_mime_types = array('pdf' => 'application/pdf', 'epub' => 'document/x-epub');
+
+	/**
+	 * Valid view types, for sanity checking inputs, used by isViewType()
+	 */
+	static protected $viewTypes = array(
+		'article',
+		'cron',
+		'csv',
+		'details',
+		'element',
+		'form',
+		'list',
+		'package',
+		'visualization'
+	);
 
+	/**
+	 * Returns true if $view is a valid view type
+	 *
+	 * @param   string  $view  View type
+	 *
+	 * @return	bool
+	 */
+
+	public static function isViewType($view)
+	{
+		return in_array($view, self::$viewTypes);
+	}
+
 	/**
 	 * Returns true if $file has an image extension type
 	 *

plugins/content/fabrik/fabrik.php

@@ -880,6 +880,16 @@ protected function getController($viewName, $id)
 
 	protected function generalIncludes($view)
 	{
+		if ($view == 'details')
+		{
+			$view = 'form';
+		}
+
+		if (!FabrikWorker::isViewType($view))
+		{
+			throw new RuntimeException('Please specify a valid view type in your fabrik {} code: ' . $view, 500);
+		}
+
 		$app = JFactory::getApplication();
 		$input = $app->input;
 		require_once COM_FABRIK_FRONTEND . '/controller.php';
@@ -899,16 +909,6 @@ protected function generalIncludes($view)
 		JModelLegacy::addIncludePath(COM_FABRIK_FRONTEND . '/models');
 		JModelLegacy::addIncludePath(COM_FABRIK_FRONTEND . '/models', 'FabrikFEModel');
 
-		if ($view == 'details')
-		{
-			$view = 'form';
-		}
-
-		if ($view == '')
-		{
-			throw new RuntimeException('Please specify a view in your fabrik {} code', 500);
-		}
-
 		// $$$rob looks like including the view does something to the layout variable
 		$defaultLayout = FabrikWorker::j3() ? 'bootstrap' : 'default';
 		$layout = $input->get('layout', $defaultLayout);