From c7b8ec56670f1efcf827e031128afd61a32530b2 Mon Sep 17 00:00:00 2001
From: HelloZeroNet <hello@noloop.me>
Date: Wed, 20 Apr 2016 23:35:51 +0200
Subject: [PATCH] Allow only content.json update

---
 src/File/FileRequest.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/File/FileRequest.py b/src/File/FileRequest.py
index 1ba01fe7..8ad2e371 100644
--- a/src/File/FileRequest.py
+++ b/src/File/FileRequest.py
@@ -91,6 +91,9 @@ class FileRequest(object):
                 site.settings["size"] = site.content_manager.getTotalSize()  # Update site size
         buff = StringIO(params["body"])
         valid = site.content_manager.verifyFile(params["inner_path"], buff)
+        if not params["inner_path"].endswith("content.json"):
+            self.response({"error": "Only content.json update allowed"})
+            return
         if valid is True:  # Valid and changed
             self.log.info("Update for %s looks valid, saving..." % params["inner_path"])
             buff.seek(0)