diff --git a/app/models/person.rb b/app/models/person.rb
index 72f4c46b9..74079ff93 100644
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -35,7 +35,7 @@ class Person
 /^(https?):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*(\.[a-z]{2,5})?(:[0-9]{1,5})?(\/.*)?$/ix
 def self.search(query)
- query = query.to_s.strip
+ query = Regexp.escape( query.to_s.strip )
 Person.all('profile.first_name' => /^#{query}/i) | Person.all('profile.last_name' => /^#{query}/i)
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index f0481341a..e02c58534 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -105,7 +105,10 @@ class User
 end
 aspect_ids = [aspect_ids.to_s] if aspect_ids.is_a? BSON::ObjectId
+ raise ArgumentError.new("You must post to someone.") if aspect_ids.nil? || aspect_ids.empty?
+ aspect_ids.each{ |aspect_id|
+ raise ArgumentError.new("Cannot post to an aspect you do not own.") unless self.aspects.find(aspect_id) }
 post = build_post(class_name, options)
diff --git a/spec/models/user/posting_spec.rb b/spec/models/user/posting_spec.rb
index b1f6f71a8..d00747a2d 100644
--- a/spec/models/user/posting_spec.rb
+++ b/spec/models/user/posting_spec.rb
@@ -30,6 +30,10 @@ describe User do
 proc {@user.post(:status_message, :message => "heyheyhey")}.should raise_error /You must post to someone/
 end
+ it 'should not be able to post to someone elses aspect' do
+ proc {@user.post(:status_message, :message => "heyheyhey", :to => @aspect2.id)}.should raise_error /Cannot post to an aspect you do not own./
+ end
+
 it 'should put the post in the aspect post array' do
 post = @user.post(:status_message, :message => "hey", :to => @aspect.id)
 @aspect.reload
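Review bot: Escaping the query before it is interpolated into `/^#{query}/i` is the right fix, but `self.search` still has no guard for a blank query: an empty or whitespace-only string becomes `/^/i`, which matches every Person on both lookups, and the commit does not address that. A one-line guard after the escape line covers it, `return [] if query.empty?`, and is compatible with the array the method already returns. As a style point, the new line should read `query = Regexp.escape(query.to_s.strip)` without the spaces inside the parentheses.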
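Review bot: The ownership check on the last added line in user.rb only works if `self.aspects.find(aspect_id)` returns nil for an id that is not among the user's aspects; if that association's `find` raises for an unknown id instead, the `ArgumentError` (and the message the new spec matches on) is never reached, so confirm which behaviour the association has before relying on it. The check is the authorization step for posting into an aspect, so it deserves a one-line comment stating that, e.g. `# every target aspect must belong to this user`. Style-wise the multi-line block should use `do … end`, and the two exceptions are raised more idiomatically as `raise ArgumentError, "Cannot post to an aspect you do not own."` rather than `ArgumentError.new(...)`. The enclosing method starts and ends outside the hunk.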
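Review bot: The new example in posting_spec.rb proves the error message but not the outcome that matters, namely that nothing was written to `@aspect2`; adding an assertion after the `should raise_error` line that the post count of `@aspect2` is unchanged would pin the authorization behaviour rather than the wording. The regex `/Cannot post to an aspect you do not own./` leaves the final `.` unescaped, so it matches any character there; `raise_error(/Cannot post to an aspect you do not own\./)` is exact and the parentheses also avoid the ambiguous-argument warning a bare regexp literal after a method name produces. `@aspect2` is presumably created in a `before` block outside the hunk; confirm it belongs to a different user, otherwise the example would fail for the wrong reason.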