diff --git a/actions/avatar.php b/actions/avatar.php
index 17f56634b3..43f02a88d5 100644
--- a/actions/avatar.php
+++ b/actions/avatar.php
@@ -128,6 +128,17 @@ class AvatarAction extends SettingsAction {
 $avatar->url = common_avatar_url($filename);
 $avatar->created = DB_DataObject_Cast::dateTime(); # current time
+ $val = $avatar->validate();
+
+ if ($val !== TRUE) {
+ $err = '';
+ foreach ($val as $k=>$v) {
+ $err .= _t('Something wrong with ') . $k;
+ $this->show_form($err);
+ return;
+ }
+ }
+
 foreach (array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE) as $size) {
 $scaled[] = $this->scale_avatar($user, $avatar, $size);
 }
@@ -139,7 +150,6 @@ class AvatarAction extends SettingsAction {
 common_server_error(_t('Error deleting old avatars.'));
 return;
 }
-
 if (!$avatar->insert()) {
 @unlink($filepath);
 common_server_error(_t('Error inserting avatar.'));
diff --git a/actions/newnotice.php b/actions/newnotice.php
index fed3278a47..5bbc915315 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -49,7 +49,14 @@ class NewnoticeAction extends Action {
 $notice->profile_id = $user->id; # user id *is* profile id
 $notice->created = DB_DataObject_Cast::dateTime(); # current time
 $notice->content = trim($this->arg('content'));
- return $notice->insert();
+
+ $val = $notice->validate();
+ if ($val === TRUE) {
+ return $notice->insert();
+ } else {
+ // XXX: display some info
+ return NULL;
+ }
 }
 function show_form() {
diff --git a/actions/password.php b/actions/password.php
index 6eba136ceb..3a89c99d33 100644
--- a/actions/password.php
+++ b/actions/password.php
@@ -64,6 +64,12 @@ class PasswordAction extends SettingsAction {
 $user->password = common_munge_password($newpassword, $user->id);
+ $val = $user->validate();
+ if ($val !== TRUE) {
+ $this->show_form(_t('Error saving user; invalid.'));
+ return;
+ }
+
 if (!$user->update($original)) {
 common_server_error(_t('Can\'t save new password.'));
 return;
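Review bot: In actions/avatar.php, the `foreach ($val as $k=>$v)` loop calls `$this->show_form($err)` and returns inside its first iteration, so only the first failing field is ever reported and the `$err .=` accumulation has no effect. The early return also skips the `@unlink($filepath)` cleanup that the insert-failure path in the next hunk performs; if the uploaded file has already been written by this point (the code above the hunk is not visible), each rejected avatar stays on disk. Building the message once and cleaning up before returning addresses both. The enclosing function starts and ends outside the hunk.

```php
if ($val !== TRUE) {
    # the keys of $val are the failing fields; report them all at once
    $err = _t('Something wrong with ') . implode(', ', array_keys($val));
    # assumes the upload is already stored at $filepath, as in the insert-failure path
    @unlink($filepath);
    $this->show_form($err);
    return;
}
```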
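Review bot: In actions/newnotice.php, the new `else` branch returns `NULL` and drops `$val`, so a notice rejected by `validate()` looks the same to the caller as a failed `insert()` (assuming that also returns a falsy value), and nothing records which field was rejected. Until the `XXX` is resolved, the branch should at least document the contract, e.g. `// validate() failed: $val names the rejected fields; caller only sees a falsy result, same as an insert() failure`. The function's signature and its caller are outside the hunk.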
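Review bot: In actions/password.php, `$user->validate()` runs after `$user->password = common_munge_password($newpassword, $user->id)`, so it can only check the munged value and cannot enforce any length or content rule on `$newpassword` itself. If such rules are not applied to the raw input earlier in the function (not visible in this hunk), they are not applied at all. A comment such as `# validate() sees only the munged password; rules on $newpassword must be checked before this point` would make that explicit.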
diff --git a/actions/profilesettings.php b/actions/profilesettings.php
index ab8175901a..a0c9527a20 100644
--- a/actions/profilesettings.php
+++ b/actions/profilesettings.php
@@ -70,6 +70,13 @@ class ProfilesettingsAction extends SettingsAction {
 $user->nickname = $this->arg('nickname');
 $user->email = $this->arg('email');
+ $val = $user->validate();
+ if ($val !== TRUE) {
+ # XXX: better validation
+ $this->show_form(_t('Error saving user; invalid.'));
+ return;
+ }
+
 if (!$user->update($original)) {
 common_server_error(_t('Couldnt update user.'));
 return;
@@ -86,6 +93,13 @@ class ProfilesettingsAction extends SettingsAction {
 $profile->location = $this->arg('location');
 $profile->profileurl = common_profile_url($nickname);
+ $val = $profile->validate();
+ if ($val !== TRUE) {
+ # XXX: some feedback here, please!
+ $this->show_form(_t('Error saving profile; invalid.'));
+ return;
+ }
+
 if (!$profile->update($orig_profile)) {
 common_server_error(_t('Couldnt save profile.'));
 return;
diff --git a/actions/register.php b/actions/register.php
index f9402b98f4..2fa6633890 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -83,6 +83,12 @@ class RegisterAction extends Action {
 $profile->nickname = $nickname;
 $profile->profileurl = common_profile_url($nickname);
 $profile->created = DB_DataObject_Cast::dateTime(); # current time
+
+ $val = $profile->validate();
+ if ($val !== TRUE) {
+ # XXX: some feedback here, please!
+ return FALSE;
+ }
 $id = $profile->insert();
 if (!$id) {
 return FALSE;
@@ -93,6 +99,15 @@ class RegisterAction extends Action {
 $user->password = common_munge_password($password, $id);
 $user->email = $email;
 $user->created = DB_DataObject_Cast::dateTime(); # current time
+
+ $val = $user->validate();
+ if ($val !== TRUE) {
+ # XXX: some feedback here, please!
+ # Try to clean up...
+ $profile->delete();
+ return FALSE;
+ }
+
 $result = $user->insert();
 if (!$result) {
 # Try to clean up...
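Review bot: In actions/profilesettings.php, the second hunk validates `$profile` only after `$user->update($original)` from the first hunk has already run, so a profile that fails validation returns through `show_form()` with the user row changed and the profile row not. If both hunks sit in the same function, as the line numbers suggest, the nickname stored for the user and for the profile can diverge. Running `$user->validate()` and `$profile->validate()` before either `update()` call avoids the partial save; the profile assignments would need to move above `if (!$user->update($original)) {`.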
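Review bot: In actions/register.php, the second hunk ignores the result of `$profile->delete()` when `$user->validate()` fails, so a failed delete leaves a profile row with no user while the function still just returns `FALSE`. The password munge needs `$id`, so full user validation has to follow `$profile->insert()`, but checks that do not depend on `$id` could run before the insert so that invalid input never creates a row. The result of `$profile->delete()` should be checked and a failure surfaced rather than dropped. Both `return FALSE` paths also give the caller nothing to show the user, as the `XXX` comments acknowledge.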
diff --git a/actions/subscribe.php b/actions/subscribe.php
index 4edf3e714e..ea3038236c 100644
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -49,6 +49,14 @@ class SubscribeAction extends Action {
 $sub->subscribed = $other->id;
 $sub->created = DB_DataObject_Cast::dateTime(); # current time
+
+ $val = $sub->validate();
+
+ if ($val !== TRUE) {
+ # XXX: give some error notice
+ common_server_error(_t('Subscription did not validate.'));
+ return;
+ }
 if (!$sub->insert()) {
 common_server_error(_t('Couldn\'t create subscription.'));