diff --git a/Zotlabs/Module/Attach_edit.php b/Zotlabs/Module/Attach_edit.php
index 5880d8f13..4cde1c168 100644
--- a/Zotlabs/Module/Attach_edit.php
+++ b/Zotlabs/Module/Attach_edit.php
@@ -133,6 +133,11 @@ class Attach_edit extends Controller {
 }
 $x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+ if (!$x['success']) {
+ notice($x['message'] . EOL);
+ goaway($return_path);
+ }
+ $actions_done .= 'move,';
 }
diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php
index 8956ce16f..6167e9494 100644
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
@@ -16,9 +16,9 @@ class File_upload extends \Zotlabs\Web\Controller {
 $channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);
- if(! $channel) {
+ if (!$channel) {
 logger('channel not found');
- killme();
+ is_ajax() ? killme() : goaway(z_root() . '/' . $_REQUEST['return_url']);
 }
 $_REQUEST['source'] = 'file_upload';
@@ -37,13 +37,16 @@ class File_upload extends \Zotlabs\Web\Controller {
 if(isset($_REQUEST['filename']) && strlen($_REQUEST['filename'])) {
 $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
- if($r['success']) {
- $hash = $r['data']['hash'];
- $sync = attach_export_data($channel,$hash);
- if($sync) {
- Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
- }
- goaway(z_root() . '/' . $_REQUEST['return_url']);
+
+ if (!$r['success']) {
+ notice($r['message'] . EOL);
+ is_ajax() ? killme() : goaway(z_root() . '/' . $_REQUEST['return_url']);
+ }
+
+ $hash = $r['data']['hash'];
+ $sync = attach_export_data($channel,$hash);
+ if ($sync) {
+ Libsync::build_sync_packet($channel['channel_id'], ['file' => [$sync]]);
 }
 } else {
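Review bot: In File_upload.php (hunk `@@ -16,9 +16,9 @@`), the new non-AJAX branch reads `$_REQUEST['return_url']` without checking that the key is present, and the same `is_ajax() ? killme() : goaway(...)` expression is repeated in the hunks at `@@ -37,13` and `@@ -90,19`. The `z_root() . '/'` prefix keeps the redirect target on this site, but a missing key raises a warning and the request value is otherwise passed through as received. Building the target once near the top of `post()`, e.g. `$return_url = z_root() . '/' . ($_REQUEST['return_url'] ?? '');`, and ending each path with `if (is_ajax()) { killme(); }` followed by `goaway($return_url);` would also avoid a ternary used only for its side effects. `post()` starts and ends outside this hunk.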
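Review bot: In File_upload.php (hunk `@@ -37,13 +37,16 @@`), a failed `attach_mkdir()` on an AJAX request queues a `notice()` and then calls `killme()`, so as far as this hunk shows the client gets no status or body telling it that the folder was not created. The `attach_store()` failure path in the hunk at `@@ -90,19` has the same shape. Consider returning an explicit error to AJAX callers before terminating (a non-2xx status, or a JSON body carrying `$r['message']`), so that the new length limits show up in the uploader rather than on the next page load. This assumes `killme()` ends the request without output, which is not visible here.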
@@ -90,19 +93,21 @@ class File_upload extends \Zotlabs\Web\Controller {
 }
 }
- $r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
- if($r['success']) {
- $sync = attach_export_data($channel,$r['data']['hash']);
- if($sync)
- Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+
+ $r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
+ if (!$r['success']) {
+ notice($r['message'] . EOL);
+ is_ajax() ? killme() : goaway(z_root() . '/' . $_REQUEST['return_url']);
+ }
+
+ $sync = attach_export_data($channel,$r['data']['hash']);
+ if ($sync) {
+ Libsync::build_sync_packet($channel['channel_id'], ['file' => [$sync]]);
 }
 }
- if(is_ajax())
- killme();
-
- goaway(z_root() . '/' . $_REQUEST['return_url']);
+ is_ajax() ? killme() : goaway(z_root() . '/' . $_REQUEST['return_url']);
 }
diff --git a/Zotlabs/Module/Wall_attach.php b/Zotlabs/Module/Wall_attach.php
index e354f58f1..a8db20242 100644
--- a/Zotlabs/Module/Wall_attach.php
+++ b/Zotlabs/Module/Wall_attach.php
@@ -98,8 +98,8 @@ class Wall_attach extends \Zotlabs\Web\Controller {
 $r = attach_store($channel, get_observer_hash(), '', $data);
- if(! $r['success']) {
- notice( $r['message'] . EOL);
+ if (!$r['success']) {
+ notice($r['message'] . EOL);
 killme();
 }
diff --git a/boot.php b/boot.php
index f85cd114d..657849da8 100644
--- a/boot.php
+++ b/boot.php
@@ -175,6 +175,13 @@ if (!defined('STORAGE_DEFAULT_PERMISSIONS')) {
 */
 define('MAX_IMAGE_LENGTH', -1);
+/**
+ * Those are the current limits we can store in the DB
+ */
+
+define('MAX_FILENAME_LENGTH', 191);
+define('MAX_FOLDER_LENGTH', 64);
+
 /**
 * log levels
diff --git a/include/attach.php b/include/attach.php
index bda4905f1..ea52b3aa9 100644
--- a/include/attach.php
+++ b/include/attach.php
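Review bot: In boot.php, the comment above `MAX_FILENAME_LENGTH` and `MAX_FOLDER_LENGTH` does not say which stored fields the limits mirror or whether they are counted in bytes or characters, while the guards added in include/attach.php compare them with `strlen()`, which counts bytes. I would reword it along the lines of `/** Maximum length of a stored file name and of a folder name, as checked with strlen() in attach_store(), attach_move() and attach_mkdir(); keep in sync with the DB column widths. */` once the unit has been confirmed against the schema. The two constants are also defined unconditionally, unlike the `STORAGE_DEFAULT_PERMISSIONS` block named in the hunk header; if site-level overrides are meant to be supported, wrap each in `if (!defined(...))`.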
@@ -796,6 +796,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 }
 }
+ if (strlen($filename) > MAX_FILENAME_LENGTH) {
+ logger('filename too long');
+ $ret['message'] = t('Filename too long');
+ return $ret;
+ }
+ if(! $hash) $hash = new_uuid();
@@ -1185,6 +1191,12 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
 return $ret;
 }
+ if(strlen($arr['filename']) > MAX_FOLDER_LENGTH) {
+ logger('pathname too long');
+ $ret['message'] = t('Pathname too long');
+ return $ret;
+ }
+ $arr['hash'] = $arr['hash'] ?? new_uuid(); // Check for duplicate name.
@@ -2589,6 +2601,11 @@ function attach_move($channel_id, $resource_id, $new_folder_hash, $newname = '',
 }
 }
+ if (strlen($filename) > MAX_FILENAME_LENGTH) {
+ logger('filename too long');
+ $ret['message'] = t('Filename too long');
+ return $ret;
+ }
 q("update attach set content = '%s', folder = '%s', filename = '%s', edited = '%s' where id = %d", dbescbin($newstorepath),
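Review bot: In attach_store() (hunk `@@ -796,6 +796,12 @@`), the new limit is enforced with `strlen($filename)`, which counts bytes, so a name made of multibyte UTF-8 characters is rejected well before it reaches 191 characters; attach_move() gets the same check in the hunk at `@@ -2589,6`. If the stored limit is in characters, `mb_strlen($filename, 'UTF-8') > MAX_FILENAME_LENGTH` matches it; if it is in bytes, a one-line comment saying so would keep the check from being "corrected" later. The early `return $ret;` also relies on `$ret['success']` having been initialised to false earlier in the function, and on nothing created before this point needing cleanup; both are outside this hunk.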
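Review bot: In attach_mkdir() (hunk `@@ -1185,6 +1191,12 @@`), the guard measures `$arr['filename']` but logs and reports "pathname too long", which will mislead whoever reads the log when a single folder name exceeds the limit. I would make the wording match what is checked, e.g. `logger('folder name too long');` and `$ret['message'] = t('Folder name too long');`, and write `if (strlen(` with the spacing the other added guards use. `$arr` defaults to null in the signature, so this line depends on earlier checks, outside the hunk, having established that `$arr['filename']` is set; if a caller can pass only a pathname, that value is not length-checked here.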