diff --git a/src/controllers/admin/uploads.js b/src/controllers/admin/uploads.js index 1c31a00ebc..98a2386a9f 100644 --- a/src/controllers/admin/uploads.js +++ b/src/controllers/admin/uploads.js @@ -14,6 +14,7 @@ function validateUpload(res, req, allowedTypes) { error: 'Invalid image type. Allowed types are: ' + allowedTypes.join(', ') }; + fs.unlink(req.files.userPhoto.path); res.send(req.xhr ? err : JSON.stringify(err)); return false; } @@ -21,14 +22,12 @@ function validateUpload(res, req, allowedTypes) { return true; } - - uploadsController.uploadImage = function(filename, folder, req, res) { function done(err, image) { var er, rs; fs.unlink(req.files.userPhoto.path); - if(err) { + if (err) { er = {error: err.message}; return res.send(req.xhr ? er : JSON.stringify(er)); } @@ -37,7 +36,7 @@ uploadsController.uploadImage = function(filename, folder, req, res) { res.send(req.xhr ? rs : JSON.stringify(rs)); } - if(plugins.hasListeners('filter:uploadImage')) { + if (plugins.hasListeners('filter:uploadImage')) { plugins.fireHook('filter:uploadImage', req.files.userPhoto, done); } else { file.saveFileToLocal(filename, folder, req.files.userPhoto.path, done); @@ -54,6 +53,7 @@ uploadsController.uploadCategoryPicture = function(req, res, next) { var err = { error: 'Error uploading file! Error :' + e.message }; + fs.unlink(req.files.userPhoto.path); return res.send(req.xhr ? err : JSON.stringify(err)); } @@ -70,7 +70,8 @@ uploadsController.uploadFavicon = function(req, res, next) { file.saveFileToLocal('favicon.ico', 'files', req.files.userPhoto.path, function(err, image) { fs.unlink(req.files.userPhoto.path); - if(err) { + if (err) { + err = {error: err.message}; return res.send(req.xhr ? err : JSON.stringify(err)); } diff --git a/src/middleware/index.js b/src/middleware/index.js index 6d8ab06c25..16b36673d8 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js 
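Review bot: The `fs.unlink(req.files.userPhoto.path);` added to validateUpload passes no callback, so a failure to remove the temp file is never observed, and newer Node releases reject a callback-less fs.unlink outright; the line added in the @@ -54,6 +53,7 @@ hunk of uploadCategoryPicture has the same shape. Prefer `fs.unlink(req.files.userPhoto.path, function(unlinkErr) { if (unlinkErr) { /* log and continue: the error response below is still correct */ } });` so a cleanup failure is at least visible. The opening line of validateUpload is outside the hunk; if it does not already guard against a missing userPhoto field, this new dereference is a second place that throws a TypeError on such a request instead of returning the error response.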
@@ -1,11 +1,11 @@ "use strict"; -var utils = require('./../../public/src/utils'), - meta = require('./../meta'), - plugins = require('./../plugins'), - db = require('./../database'), - auth = require('./../routes/authentication'), - emitter = require('./../emitter'), +var utils = require('../../public/src/utils'), + meta = require('../meta'), + plugins = require('../plugins'), + db = require('../database'), + auth = require('../routes/authentication'), + emitter = require('../emitter'), async = require('async'), path = require('path'), @@ -19,7 +19,6 @@ var utils = require('./../../public/src/utils'), cookieParser = require('cookie-parser'), compression = require('compression'), favicon = require('serve-favicon'), - multipart = require('connect-multiparty'), session = require('express-session'), cluster = require('cluster'), @@ -31,7 +30,7 @@ var middleware = {}; function routeCurrentTheme(app, themeId, themesData) { themeId = (themeId || 'nodebb-theme-vanilla'); - + var themeObj = (function(id) { return themesData.filter(function(themeObj) { return themeObj.id === id; @@ -49,7 +48,7 @@ function routeCurrentTheme(app, themeId, themesData) { function setupFavicon(app) { var faviconPath = path.join(__dirname, '../../', 'public', meta.config['brand:favicon'] ? meta.config['brand:favicon'] : 'favicon.ico'); if (fs.existsSync(faviconPath)) { - app.use(favicon(faviconPath)); + app.use(favicon(faviconPath)); } } @@ -70,7 +69,7 @@ module.exports = function(app, data) { app.use(compression()); setupFavicon(app); - + app.use(relativePath + '/apple-touch-icon', middleware.routeTouchIcon); app.use(bodyParser.urlencoded({extended: true})); @@ -93,8 +92,6 @@ module.exports = function(app, data) { saveUninitialized: true })); - app.use(multipart()); - app.use(function (req, res, next) { res.setHeader('X-Powered-By', 'NodeBB'); diff --git a/src/privileges/categories.js b/src/privileges/categories.js index 02888d3e54..c957f1be6e 100644 --- a/src/privileges/categories.js 
+++ b/src/privileges/categories.js @@ -35,7 +35,7 @@ module.exports = function(privileges) { var isAdminOrMod = results.isAdministrator || results.isModerator; callback(null, { - 'topics:create': results['topics:create'][0], + 'topics:create': results['topics:create'][0] || isAdminOrMod, editable: isAdminOrMod, view_deleted: isAdminOrMod, read: results.read[0] || isAdminOrMod diff --git a/src/routes/admin.js b/src/routes/admin.js index 73482537b3..6650f32f2a 100644 --- a/src/routes/admin.js +++ b/src/routes/admin.js @@ -7,10 +7,15 @@ function apiRoutes(app, middleware, controllers) { // todo, needs to be in api namespace app.get('/users/csv', middleware.authenticate, controllers.admin.users.getCSV); - app.post('/category/uploadpicture', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadCategoryPicture); - app.post('/uploadfavicon', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadFavicon); - app.post('/uploadlogo', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadLogo); - app.post('/uploadgravatardefault', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadGravatarDefault); + var multipart = require('connect-multiparty'); + var multipartMiddleware = multipart(); + + var middlewares = [multipartMiddleware, middleware.applyCSRF, middleware.authenticate]; + + app.post('/category/uploadpicture', middlewares, controllers.admin.uploads.uploadCategoryPicture); + app.post('/uploadfavicon', middlewares, controllers.admin.uploads.uploadFavicon); + app.post('/uploadlogo', middlewares, controllers.admin.uploads.uploadLogo); + app.post('/uploadgravatardefault', middlewares, controllers.admin.uploads.uploadGravatarDefault); } function adminRouter(middleware, controllers) { diff --git a/src/routes/api.js b/src/routes/api.js index 67cddd2aa8..aaf7a1b572 100644 --- a/src/routes/api.js +++ b/src/routes/api.js 
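Review bot: In `middlewares` the multipart parser runs before `middleware.applyCSRF` and `middleware.authenticate`, so a request that fails either check has already had its body written to a temp file, and because the controller that does the `fs.unlink` never runs for a rejected request, that file is never removed; the @@ -206,8 +206,11 @@ hunk in src/routes/api.js orders its chain the same way. If `middleware.authenticate` only needs the session, it can run first: `var middlewares = [middleware.authenticate, multipartMiddleware, middleware.applyCSRF];`. The CSRF check presumably reads its token from the parsed body, so it still has to follow the multipart step, which leaves the CSRF-failure case needing its own cleanup. The inline `require('connect-multiparty')` would also conventionally sit with the file's other requires at the top; apiRoutes itself starts outside the hunk.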
@@ -206,8 +206,11 @@ module.exports = function(app, middleware, controllers) { router.get('/categories/:cid/moderators', getModerators); router.get('/recent/posts/:term?', getRecentPosts); - router.post('/post/upload', middleware.applyCSRF, uploadPost); - router.post('/topic/thumb/upload', middleware.applyCSRF, uploadThumb); - router.post('/user/:userslug/uploadpicture', middleware.applyCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture); + var multipart = require('connect-multiparty'); + var multipartMiddleware = multipart(); + + router.post('/post/upload', multipartMiddleware, middleware.applyCSRF, uploadPost); + router.post('/topic/thumb/upload', multipartMiddleware, middleware.applyCSRF, uploadThumb); + router.post('/user/:userslug/uploadpicture', multipartMiddleware, middleware.applyCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture); };