diff --git a/src/flags.js b/src/flags.js
index b5e62c2392..f3da5cb5f2 100644
--- a/src/flags.js
+++ b/src/flags.js
@@ -313,6 +313,11 @@ Flags.getNotes = async function (flagId) {
 };
 Flags.getNote = async function (flagId, datetime) {
+ datetime = parseInt(datetime, 10);
+ if (isNaN(datetime)) {
+ throw new Error('[[error:invalid-data]]');
+ }
+
 let notes = await db.getSortedSetRangeByScoreWithScores(`flag:${flagId}:notes`, 0, 1, datetime, datetime);
 if (!notes.length) {
 throw new Error('[[error:invalid-data]]');
@@ -361,6 +366,11 @@ async function modifyNotes(notes) {
 }
 Flags.deleteNote = async function (flagId, datetime) {
+ datetime = parseInt(datetime, 10);
+ if (isNaN(datetime)) {
+ throw new Error('[[error:invalid-data]]');
+ }
+
 const note = await db.getSortedSetRangeByScore(`flag:${flagId}:notes`, 0, 1, datetime, datetime);
 if (!note.length) {
 throw new Error('[[error:invalid-data]]');
diff --git a/src/socket.io/flags.js b/src/socket.io/flags.js
index 8f88575eb5..7b53f4e28a 100644
--- a/src/socket.io/flags.js
+++ b/src/socket.io/flags.js
@@ -1,7 +1,5 @@
 'use strict';
-const user = require('../user');
-const flags = require('../flags');
 const sockets = require('.');
 const api = require('../api');
diff --git a/test/flags.js b/test/flags.js
index 58ef8ba102..3a7fa5acd2 100644
--- a/test/flags.js
+++ b/test/flags.js
@@ -811,6 +811,10 @@ describe('Flags', () => {
 resolveWithFullResponse: true,
 });
 assert.strictEqual(statusCode, 403);
+
+ // Handle dev mode test
+ delete body.stack;
+
 assert.deepStrictEqual(body, {
 status: {
 code: 'forbidden',
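Review bot: The guard added at the top of `Flags.getNote` still accepts partially numeric input, because `parseInt('123abc', 10)` returns 123 and `parseInt(1.5, 10)` returns 1, so a malformed `datetime` can resolve to a real note instead of being rejected. Checking the shape before parsing closes that gap: `if (!/^\d+$/.test(String(datetime))) { throw new Error('[[error:invalid-data]]'); }`, followed by the existing `parseInt`. The same five lines are repeated in `Flags.deleteNote` (second hunk), so a small shared helper would keep the two checks from drifting apart. A short why-comment such as `// datetime arrives from the caller and is used as both score bounds; coerce it to an integer before it reaches the db layer` would record the reason for the guard. Both function bodies continue outside their hunks.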