diff --git a/src/api/users.js b/src/api/users.js
index e0382c95cd..bbb02a43bb 100644
--- a/src/api/users.js
+++ b/src/api/users.js
@@ -443,6 +443,10 @@ usersAPI.changePicture = async (caller, data) => {
 };
 usersAPI.generateExport = async (caller, { uid, type }) => {
+ const validTypes = ['profile', 'posts', 'uploads'];
+ if (!validTypes.includes(type)) {
+ throw new Error('[[error:invalid-data]]');
+ }
 const count = await db.incrObjectField('locks', `export:${uid}${type}`);
 if (count > 1) {
 throw new Error('[[error:already-exporting]]');
diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js
index 20a869056c..95c0097116 100644
--- a/src/socket.io/user/profile.js
+++ b/src/socket.io/user/profile.js
@@ -74,6 +74,6 @@ module.exports = function (SocketUser) {
 await user.isAdminOrSelf(socket.uid, data.uid);
- api.users.generateExport(socket, { type, ...data });
+ api.users.generateExport(socket, { type, uid: data.uid });
 }
 };
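Review bot: `uid` still goes unchecked into the lock field name `export:${uid}${type}` in the visible lines of src/api/users.js, even though `type` is now held to an allow-list. The socket handler passes `data.uid` after `isAdminOrSelf`, but whether every other caller of `usersAPI.generateExport` supplies a validated numeric uid cannot be seen from this hunk, so a guard next to the new one would make the function safe on its own: `if (!(parseInt(uid, 10) > 0)) { throw new Error('[[error:invalid-data]]'); }`. A one-line comment above `validTypes` such as `// allow-list: type is caller-supplied and ends up in the lock key` would also record why the check exists. The function body continues past the end of the hunk.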
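Review bot: The call to `api.users.generateExport(...)` on the new line of src/socket.io/user/profile.js is not awaited, so the `[[error:invalid-data]]` rejection added in src/api/users.js (and the existing `[[error:already-exporting]]` one) never reaches the socket caller and surfaces as an unhandled rejection instead. Unless fire-and-forget is intended here, use `await api.users.generateExport(socket, { type, uid: data.uid });`. If it is intended, attach a `.catch()` that logs the error and say so in a comment. The enclosing function starts above the hunk, so how `type` is set is not visible.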