diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php index 61948f94..442ce41b 100644 --- a/app/Http/Controllers/Api/ApiV1Controller.php +++ b/app/Http/Controllers/Api/ApiV1Controller.php @@ -978,6 +978,9 @@ class ApiV1Controller extends Controller } } + $filterClass = in_array($request->input('filter_class'), Filter::classes()) ? $request->input('filter_class') : null; + $filterName = in_array($request->input('filter_name'), Filter::names()) ? $request->input('filter_name') : null; + $monthHash = hash('sha1', date('Y').date('m')); $userHash = hash('sha1', $user->id . (string) $user->created_at); @@ -1001,8 +1004,8 @@ class ApiV1Controller extends Controller $media->size = $photo->getSize(); $media->mime = $photo->getMimeType(); $media->caption = $request->input('description'); - $media->filter_class = $request->input('filter_class'); - $media->filter_name = $request->input('filter_name'); + $media->filter_class = $filterClass; + $media->filter_name = $filterName; $media->save(); switch ($media->mime) { diff --git a/app/Http/Controllers/Api/BaseApiController.php b/app/Http/Controllers/Api/BaseApiController.php index e47d61e5..a3a450c6 100644 --- a/app/Http/Controllers/Api/BaseApiController.php +++ b/app/Http/Controllers/Api/BaseApiController.php @@ -24,6 +24,7 @@ use App\Transformer\Api\{ StatusTransformer }; use League\Fractal; +use App\Util\Media\Filter; use League\Fractal\Serializer\ArraySerializer; use League\Fractal\Pagination\IlluminatePaginatorAdapter; use App\Jobs\AvatarPipeline\AvatarOptimize; @@ -231,6 +232,9 @@ class BaseApiController extends Controller } } + $filterClass = in_array($request->input('filter_class'), Filter::classes()) ? $request->input('filter_class') : null; + $filterName = in_array($request->input('filter_name'), Filter::names()) ? $request->input('filter_name') : null; + $monthHash = hash('sha1', date('Y').date('m')); $userHash = hash('sha1', $user->id . (string) $user->created_at); 
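Review bot: Both `in_array()` calls added above `$monthHash` in ApiV1Controller compare loosely, so the allow-list is only reliable for string input: a non-string value such as a JSON boolean can compare equal to a list entry and end up in `$filterClass` or `$filterName`. Passing the strict flag closes that: `in_array($request->input('filter_class'), Filter::classes(), true)`, and the same for `filter_name`. The identical pair of lines in the BaseApiController hunk at -231 and the `in_array($filter, Filter::classes())` condition in StatusController need the same change. What `Filter::classes()` and `Filter::names()` return is not visible here, and only BaseApiController gains a `use App\Util\Media\Filter;` line in this diff, so the import in the other two controllers should be confirmed. The enclosing method starts and ends outside the hunk.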
@@ -253,8 +257,8 @@ class BaseApiController extends Controller $media->original_sha256 = $hash; $media->size = $photo->getSize(); $media->mime = $photo->getMimeType(); - $media->filter_class = $request->input('filter_class'); - $media->filter_name = $request->input('filter_name'); + $media->filter_class = $filterClass; + $media->filter_name = $filterName; $media->save(); $url = URL::temporarySignedRoute( diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php index a5e9e09d..ef1d5939 100644 --- a/app/Http/Controllers/StatusController.php +++ b/app/Http/Controllers/StatusController.php @@ -229,8 +229,8 @@ class StatusController extends Controller $user = Auth::user()->profile; $status = Status::whereProfileId($user->id) ->with(['media']) + ->where('created_at', '>', now()->subHours(24)) ->findOrFail($id); - return view('status.edit', compact('user', 'status')); } @@ -240,6 +240,7 @@ class StatusController extends Controller $user = Auth::user()->profile; $status = Status::whereProfileId($user->id) ->with(['media']) + ->where('created_at', '>', now()->subHours(24)) ->findOrFail($id); $this->validate($request, [ @@ -254,7 +255,7 @@ class StatusController extends Controller $media = Media::whereProfileId($user->id) ->whereStatusId($status->id) - ->find($id); + ->findOrFail($id); $changed = false; @@ -263,7 +264,7 @@ class StatusController extends Controller $changed = true; } - if ($media->filter_class != $filter) { + if ($media->filter_class != $filter && in_array($filter, Filter::classes())) { $media->filter_class = $filter; $changed = true; } diff --git a/app/Util/RateLimit/User.php b/app/Util/RateLimit/User.php index c6cbf85c..796e0fca 100644 --- a/app/Util/RateLimit/User.php +++ b/app/Util/RateLimit/User.php 
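Review bot: The 24-hour edit window is written as the literal `now()->subHours(24)` in this StatusController hunk (-229, the edit view) and again in the next one (-240, the update path), so the two checks can drift apart if only one is changed later. Keeping the number in one class constant or config value (name illustrative), `->where('created_at', '>', now()->subHours(self::EDIT_WINDOW_HOURS))`, would hold the policy in a single place. A short comment should also say that posts older than the window deliberately resolve to a 404 through `findOrFail`, since the query alone does not make that intent obvious. Both methods start outside their hunks.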
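Review bot: In the StatusController hunk at -263, a `$filter` value outside `Filter::classes()` is now dropped silently while the request still succeeds. A client that sends an empty or null filter to remove one can also no longer do so, unless the list contains that value (not visible here). Rejecting unknown values in the `$this->validate()` rules that begin in the -240 hunk would make the failure explicit. If clearing must stay possible, the condition can allow it directly: `if ($media->filter_class != $filter && ($filter === null || in_array($filter, Filter::classes(), true)))`. The method body continues outside the hunk, so whether `filter_name` gets a matching check on this path cannot be seen here.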
@@ -113,4 +113,14 @@ trait User {
 {
 return 35;
 }
+
+ public function getMaxPostEditsPerHourAttribute()
+ {
+ return 10;
+ }
+
+ public function getMaxPostEditsPerDayAttribute()
+ {
+ return 20;
+ }
 }
\ No newline at end of file
diff --git a/resources/views/status/edit.blade.php b/resources/views/status/edit.blade.php
index f16aa2bf..5d7203ad 100644
--- a/resources/views/status/edit.blade.php
+++ b/resources/views/status/edit.blade.php
@@ -38,7 +38,7 @@ @csrf
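Review bot: The two accessors added to the `User` rate-limit trait in app/Util/RateLimit/User.php return 10 and 20, but no hunk visible in this diff reads `max_post_edits_per_hour` or `max_post_edits_per_day`. The post-edit limits therefore appear not to be enforced by this change unless a throttle elsewhere already consumes them. If enforcement is meant to ship with this commit, the update path in StatusController is where the check would belong. Each accessor would also benefit from a one-line docblock such as `/** Maximum number of post edits a user may make per hour. */`, and from an `int` return type if the sibling accessors in the trait carry one (not visible here).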