diff --git a/public/src/client/chats/manage.js b/public/src/client/chats/manage.js
index 0a18a9ca7a..1f7351714e 100644
--- a/public/src/client/chats/manage.js
+++ b/public/src/client/chats/manage.js
@@ -102,7 +102,7 @@ define('forum/chats/manage', [
 function addKickHandler(roomId, modal) {
 modal.on('click', '[data-action="kick"]', function () {
- const uid = parseInt(this.getAttribute('data-uid'), 10);
+ const uid = encodeURIComponent(this.getAttribute('data-uid'));
 api.del(`/chats/${roomId}/users/${uid}`, {}).then((body) => {
 refreshParticipantsList(roomId, modal, body);
diff --git a/src/messaging/notifications.js b/src/messaging/notifications.js
index d939bc939b..506a280d39 100644
--- a/src/messaging/notifications.js
+++ b/src/messaging/notifications.js
@@ -80,6 +80,7 @@ module.exports = function (Messaging) {
 try {
 await sendNotification(fromUid, roomId, messageObj);
+ // await federate(fromUid, roomId, messageObj);
 } catch (err) {
 winston.error(`[messaging/notifications] Unabled to send notification\n${err.stack}`);
 }
@@ -98,7 +99,8 @@ module.exports = function (Messaging) {
 const { ALLMESSAGES } = Messaging.notificationSettings;
 await batch.processSortedSet(`chat:room:${roomId}:uids:online`, async (uids) => {
 uids = uids.filter(
- uid => (parseInt((settings && settings[uid]) || roomDefault, 10) === ALLMESSAGES) &&
+ uid => utils.isNumber(uid) &&
+ (parseInt((settings && settings[uid]) || roomDefault, 10) === ALLMESSAGES) &&
 fromUid !== parseInt(uid, 10) &&
 !realtimeUids.includes(parseInt(uid, 10))
 );
@@ -140,4 +142,7 @@ module.exports = function (Messaging) {
 await notifications.push(notification, uidsToNotify);
 }
 }
+
+ // async function federate(fromUid, roomId, messageObj) {
+ // }
 };
diff --git a/src/messaging/rooms.js b/src/messaging/rooms.js
index 04c75e9e67..8b57b81da7 100644
--- a/src/messaging/rooms.js
+++ b/src/messaging/rooms.js
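Review bot: In `addKickHandler` (public/src/client/chats/manage.js), `this.getAttribute('data-uid')` returns `null` when the attribute is missing, and `encodeURIComponent(null)` yields the string `null`, so the click would send the DELETE to `/chats/${roomId}/users/null` instead of doing nothing. Read the attribute first and stop when it is empty, e.g. `const rawUid = this.getAttribute('data-uid'); if (!rawUid) { return; }`, then encode `rawUid`. Because the value is no longer coerced to an integer on the client, the uid format is only enforced by whatever the server route checks, which is worth confirming. The handler body continues outside the hunk.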
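Review bot: The commented-out call `// await federate(fromUid, roomId, messageObj);` inside the `try` block of src/messaging/notifications.js, together with the commented-out `federate` stub added at the end of the module (hunk at -140,4), is dead code that does not say when or under what condition it will be enabled. A single tracked marker such as `// TODO(owner): call federate() here once it is implemented` would state the intent without leaving disabled code behind. If the call is later enabled in this same `try`, a federation failure would be logged under the existing "send notification" message, so it probably needs its own error handling.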
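Review bot: The new filter clause `utils.isNumber(uid)` in src/messaging/notifications.js (hunk at -98,7) needs a `utils` binding, but no hunk adds `const utils = require('../utils');` to this file, whereas rooms.js and unread.js both gain that line in this commit. If the file does not already require it above the visible lines, the callback passed to `batch.processSortedSet` will throw a ReferenceError when it runs, so confirm the import exists or add it. Assuming non-numeric uids denote remote users, as the comments in the other files suggest, a comment like `// skip remote (non-numeric) uids` above the clause would explain the check.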
@@ -13,6 +13,7 @@ const meta = require('../meta');
 const io = require('../socket.io');
 const cache = require('../cache');
 const cacheCreate = require('../cacheCreate');
+const utils = require('../utils');
 const roomUidCache = cacheCreate({
 name: 'chat:room:uids',
@@ -259,6 +260,13 @@ module.exports = function (Messaging) {
 Messaging.addUsersToRoom = async function (uid, uids, roomId) {
 uids = _.uniq(uids);
+
+ // Public rooms must only contain local users
+ const isPublic = await db.getObjectField(`chat:room:${roomId}`, 'public');
+ if (parseInt(isPublic, 10) === 1 && uids.some(uid => !utils.isNumber(uid))) {
+ throw new Error('[[error:invalid-uid]]');
+ }
+
 const inRoom = await Messaging.isUserInRoom(uid, roomId);
 const payload = await plugins.hooks.fire('filter:messaging.addUsersToRoom', { uid, uids, roomId, inRoom });
diff --git a/src/messaging/unread.js b/src/messaging/unread.js
index 6144def618..1a63d81139 100644
--- a/src/messaging/unread.js
+++ b/src/messaging/unread.js
@@ -1,6 +1,7 @@
 'use strict';
 const db = require('../database');
+const utils = require('../utils');
 const io = require('../socket.io');
 module.exports = function (Messaging) {
@@ -26,6 +27,10 @@ module.exports = function (Messaging) {
 };
 Messaging.markRead = async (uid, roomId) => {
+ if (!utils.isNumber(uid)) {
+ return;
+ }
+
 await Promise.all([
 db.sortedSetRemove(`uid:${uid}:chat:rooms:unread`, roomId),
 db.setObjectField(`uid:${uid}:chat:rooms:read`, roomId, Date.now()),
@@ -64,6 +69,9 @@ module.exports = function (Messaging) {
 };
 Messaging.markUnread = async (uids, roomId) => {
+ // Remote users don't have (un)read states
+ uids = uids.filter(uid => utils.isNumber(uid));
+
 const exists = await Messaging.roomExists(roomId);
 if (!exists) {
 return;
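Review bot: In `Messaging.addUsersToRoom` (src/messaging/rooms.js) the public-room check validates the caller-supplied `uids` before `filter:messaging.addUsersToRoom` fires, so the list the hook returns in `payload` is never re-checked. The rest of the function is outside the hunk, but if it adds `payload.uids` to the room, a plugin could reintroduce non-local uids into a public room. Running the check after the hook against the final list closes that gap, e.g. `if (parseInt(isPublic, 10) === 1 && payload.uids.some(id => !utils.isNumber(id))) {`. The arrow parameter `uid` also shadows the function's own `uid` argument, and renaming it (as `id` above) avoids that.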
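Review bot: The early `return` added to `Messaging.markRead` (src/messaging/unread.js) carries no comment, while the parallel change in `markUnread` explains itself with `// Remote users don't have (un)read states`. Put the same one-line comment above the `if (!utils.isNumber(uid))` guard so the silent no-op is not mistaken for swallowed bad input. The function body continues outside the hunk.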
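Review bot: After `uids = uids.filter(uid => utils.isNumber(uid));` in `Messaging.markUnread`, the list can be empty when every uid passed in was non-numeric, yet the function still goes on to call `Messaging.roomExists`. An `if (!uids.length) { return; }` directly after the filter would skip the unnecessary database work, unless the code below the hunk already handles an empty list. The function body continues outside the hunk.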