diff --git a/collections/posts.js b/collections/posts.js
index 5b0141f61..4b7c8f9ba 100644
--- a/collections/posts.js
+++ b/collections/posts.js
@@ -24,7 +24,7 @@ Meteor.methods({
 var headline = cleanUp(post.headline),
 body = cleanUp(post.body),
 user = Meteor.user(),
- userId = post.userId || user._id,
+ userId = user._id,
 submitted = parseInt(post.submitted) || new Date().getTime(),
 defaultStatus = getSetting('requirePostsApproval') ? STATUS_PENDING : STATUS_APPROVED,
 status = post.status || defaultStatus,
@@ -34,7 +34,10 @@ Meteor.methods({
 postInterval = Math.abs(parseInt(getSetting('postInterval', 30))),
 maxPostsPer24Hours = Math.abs(parseInt(getSetting('maxPostsPerDay', 30))),
 postId = '';
-
+ if(isAdmin(Meteor.user()) {
+ userId = post.userId || user._id // Don't trust HTML from the users, they are bad
+ }
+
 // check that user can post
 if (!user || !canPost(user))
 throw new Meteor.Error(601, 'You need to login or be invited to post new stories.');
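Review bot: The context line `status = post.status || defaultStatus,` still lets the client choose the post's status, which is the same mass-assignment pattern this commit closes for `userId`: a non-admin can pass `status: STATUS_APPROVED` and skip the `requirePostsApproval` queue that `defaultStatus` is computed for, and `submitted = parseInt(post.submitted) || ...` likewise lets any caller backdate a post. Unless these are overwritten later in the method (its body continues outside the hunk, so I cannot tell), they should be gated the same way as `userId`: initialise `status = defaultStatus,` here and only honour `post.status` (and `post.submitted`) inside the admin branch the second hunk adds. Also, `parseInt(post.submitted)` should pass a radix, `parseInt(post.submitted, 10)`, so a client string with a leading zero or `0x` prefix is not parsed in another base.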
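Review bot: The added `if(isAdmin(Meteor.user()) {` is missing its closing parenthesis, so the whole `collections/posts.js` method body fails to parse and the fix never runs; the new `userId = user._id,` in the `var` block also dereferences `user` unconditionally before the `if (!user || !canPost(user))` guard below it, so an unauthenticated call now dies with a TypeError instead of the intended Meteor.Error 601 (move the guard above the `var` block, or use `user && user._id`). The comment on the admin line talks about HTML but the line is about who a post is attributed to, and it drops the semicolon; I would write the branch as `if (isAdmin(user)) {` / `  userId = post.userId || userId; // only admins may post on behalf of another user` / `}`, reusing the `user` already fetched rather than calling `Meteor.user()` a second time. Whether `post.userId` is checked to be a real user id for the admin path is not visible from this hunk; if it is not, a `check(post.userId, String)` and an existence lookup would be worth adding. The enclosing method starts before this hunk and continues past it.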