diff --git a/server/methods.js b/server/methods.js
index 165c4af..cacffea 100644
--- a/server/methods.js
+++ b/server/methods.js
@@ -6,12 +6,15 @@ Meteor.methods({
 if (user._id == userId)
 throw new Meteor.Error(422, 'You can\'t delete yourself.');
-
+
 // remove the user
 Meteor.users.remove(userId);
 },
 addUserRole: function(userId, role) {
+ check(userId, String);
+ check(role, String);
+
 var user = Meteor.user();
 if (!user || !Roles.userIsInRole(user, ['admin']))
 throw new Meteor.Error(401, "You need to be an admin to update a user.");
@@ -103,4 +106,4 @@ Meteor.methods({
 Meteor.users.update({_id: id}, {$set: obj});
 }
-});
\ No newline at end of file
+});
diff --git a/server/publish.js b/server/publish.js
index 236205d..3938ca9 100644
--- a/server/publish.js
+++ b/server/publish.js
@@ -3,5 +3,11 @@ Meteor.publish('roles', function (){
 });
 Meteor.publish('filteredUsers', function(filter) {
+ if (filter === null) {
+ check(filter, null);
+ } else {
+ check(filter, String);
+ }
+
 return filteredUserQuery(this.userId, filter);
-});
\ No newline at end of file
+});
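Review bot: The argument checks in the first hunk of server/methods.js cover `addUserRole` only, while the method directly above it still passes `userId` to `Meteor.users.remove(userId)` and compares it with `user._id == userId`, with no type check visible. That method starts outside the hunk, so a check may already exist; if not, add `check(userId, String);` at its top, since a non-string value reaching `remove` would be read as a Mongo selector rather than a single id. The method whose tail appears in the second hunk, `Meteor.users.update({_id: id}, {$set: obj})`, likely needs the same treatment, with `obj` matched against an explicit field pattern instead of being handed to `$set` as received. In `addUserRole`, `check(role, String)` accepts any string, so consider restricting it to the role names the application actually defines.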
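Review bot: The `if (filter === null)` branch added to the `filteredUsers` publication in server/publish.js validates nothing on the null path and still rejects `undefined`, which is what the function receives if a client subscribes without an argument. A single `check(filter, Match.OneOf(String, null, undefined));` states the accepted inputs in one line and removes the branch. `filteredUserQuery` is not shown in this diff; if it turns `filter` into a regular expression or a query fragment, the string should also be length-bounded and escaped there, because `check` only confirms the type.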