From b88ee9a87a38b725bd94735a204675b5d1fa1b85 Mon Sep 17 00:00:00 2001
From: shortcutme <tamas@zeronet.io>
Date: Wed, 19 Jul 2017 16:45:28 +0200
Subject: [PATCH] Only allow to sign content.json files

---
 src/Content/ContentManager.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Content/ContentManager.py b/src/Content/ContentManager.py
index e2347e32..b2979b17 100644
--- a/src/Content/ContentManager.py
+++ b/src/Content/ContentManager.py
@@ -528,6 +528,9 @@ class ContentManager(object):
     # Create and sign a content.json
     # Return: The new content if filewrite = False
     def sign(self, inner_path="content.json", privatekey=None, filewrite=True, update_changed_files=False, extend=None, remove_missing_optional=False):
+        if not inner_path.endswith("content.json"):
+            raise SignError("Invalid file name, you can only sign content.json files")
+
         if inner_path in self.contents:
             content = self.contents.get(inner_path)
             if content and content.get("cert_sign", False) is None and self.site.storage.isFile(inner_path):