From 7bda72027a79fa0ee92ffa9f7d1c7243661b3504 Mon Sep 17 00:00:00 2001
From: shortcutme <tamas@zeronet.io>
Date: Sun, 9 Apr 2017 12:03:25 +0200
Subject: [PATCH] Site lock validation based on target_onion

---
 src/File/FileRequest.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/File/FileRequest.py b/src/File/FileRequest.py
index 6f146bc5..193c0a15 100644
--- a/src/File/FileRequest.py
+++ b/src/File/FileRequest.py
@@ -55,11 +55,13 @@ class FileRequest(object):
     def route(self, cmd, req_id, params):
         self.req_id = req_id
         # Don't allow other sites than locked
-        if "site" in params and self.connection.site_lock and self.connection.site_lock not in (params["site"], "global"):
-            self.response({"error": "Invalid site"})
-            self.log.error("Site lock violation: %s != %s" % (self.connection.site_lock, params["site"]))
-            self.connection.badAction(5)
-            return False
+        if "site" in params and self.connection.target_onion:
+            valid_sites = self.connection.getValidSites()
+            if params["site"] not in valid_sites:
+                self.response({"error": "Invalid site"})
+                self.log.error("Site lock violation: %s not in %s" % (params["site"], valid_sites))
+                self.connection.badAction(5)
+                return False
 
         if cmd == "update":
             event = "%s update %s %s" % (self.connection.id, params["site"], params["inner_path"])