ERC721Holder - open to receive any tokens problem

Hi, I coded an NFT marketplace contract, it works in a way that the User deposits the NFT into the contract and with that creates an Order (can call cancel function anytime and the token will get sent back). In order to be able to receive the token tho I had to implement the ERC721Holder extension.

It all works fine but my question is - now the contract can receive any ERC721 right .. so it can get flooded with different tokens, or somehow someone can actually even mistakenly send the tokens meant for sale regularly into the contract through Transfer, I know the chance is tiny but gotta count with everything.

Is there a way to limit this? That the contract can receive tokens only through a specific function for example?

It would be ideal if a user that wants to sell tokens through the marketplace had to go through the createOrder method and therefore through the official deposit method instead of the contract just accepting anything anyhow.

Thank you

You can have the user of your marketplace go through a whitelist procedure, where you can then have an offchain interaction where you both sign a hash, and then "require" this hash everytime the user wants to do a NFT token transaction...