diff --git a/spec/env_mock.lua b/spec/env_mock.lua
index c4d0873..30d8d07 100644
--- a/spec/env_mock.lua
+++ b/spec/env_mock.lua
@@ -127,7 +127,7 @@ local smr_mock_env_m = {
 __index = smr_mock_env,
 __newindex = function(self,key,value)
 local setter = debug.getinfo(2)
- if setter.source ~= "=[C]" and key ~= "configure" then
+ if setter.source ~= "=[C]" and setter.source ~= "@./global.lua" and key ~= "configure" then
 error(string.format(
 "Tried to create a global %q with value %s\n%s",
 key,
diff --git a/spec/pages_sanity_spec.lua b/spec/pages_sanity_spec.lua
index fa49a0d..ac07d12 100644
--- a/spec/pages_sanity_spec.lua
+++ b/spec/pages_sanity_spec.lua
@@ -79,7 +79,17 @@ local pages = {
 },
 }
 },
- --TODO:bio
+ bio = { route = "/_bio", name = "edit_bio", methods = { GET={}, POST={ user = rng_subdomain, pass = rng_any }, } },
 login = {
 route = "/_login",
 name = "login",
@@ -194,6 +204,7 @@ local smr_mock_env = {
 }
 local sfmt = string.format
 local string_fmt_override = {
+ --[[
 format = spy.new(function(fmt,...)
 local args = {...}
 for i = 1,#args do
@@ -204,19 +215,20 @@ local string_fmt_override = {
 table.insert(args,1,fmt)
 return sfmt(unpack(args))
 end)
+ ]]
 }
 setmetatable(string_fmt_override,{__index = string})
 local smr_override_env = {
 --Detour assert so we don't actually perform any checks
- assert = spy.new(function(bool,msg,level) return bool end),
+ --assert = spy.new(function(bool,msg,level) return bool end),
 --Allow string.format to accept nil as arguments
- string = string_fmt_override
+ --string = string_fmt_override
 }
 local smr_mock_env_m = {
 __index = smr_mock_env,
 __newindex = function(self,key,value)
 local setter = debug.getinfo(2)
- if setter.source ~= "=[C]" and key ~= "configure" then
+ if setter.source ~= "=[C]" and setter.source ~= "@./global.lua" and key ~= "configure" then
 error(string.format(
 "Tried to create a global %q with value %s\n%s",
 key,
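Review bot: The new exemption on the `+ if` line compares `setter.source` against the literal `"@./global.lua"`, so it only matches when that chunk was loaded from exactly that relative path; running busted from another directory, or loading the file under a different chunkname, makes the `__newindex` trap fire for every global that global.lua legitimately sets. A suffix match such as `setter.source:match("global%.lua$")`, or a path computed once at load time, would make the spec independent of the working directory. The same line is duplicated in the third hunk of spec/pages_sanity_spec.lua; since that file carries a verbatim copy of this mock environment, having it require spec/env_mock.lua instead would stop the two copies from drifting. `smr_mock_env_m` and its `__newindex` function continue past the end of the hunk.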
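Review bot: The `POST` table of the new `bio` entry lists `user = rng_subdomain` and `pass = rng_any`, which look copied from the `login` entry directly below it, whereas src/lua/endpoints/bio_post.lua in this same commit reads its body with `http_argument_get_string(req,"text")`; as written the sanity spec never sends a `text` argument to /_bio, so the update path is not exercised by the generated inputs. Assuming the keys in these tables map to POST argument names (the head of the `pages` table is outside the hunk, so confirm), the entry should presumably read `POST={ text = rng_any }`.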
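Review bot: The `--[[ ... ]]` added around the `format` spy in the second spec hunk, and the `--assert = ...` / `--string = ...` lines in the third, leave the override code in the file as dead text rather than removing it. Since the assert detour and the nil-tolerant `string.format` are being switched off deliberately (edit_post.lua in this commit replaces its `assert` with an explicit check), deleting these entries together with the now-unused `sfmt` local, the `string_fmt_override` table and its `setmetatable` call would be cleaner; version control keeps the old version if the spies are needed again. If the override is only disabled temporarily, a one-line `-- disabled: <reason>` comment in place of the commented-out code would tell the next reader why.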
diff --git a/src/lua/endpoints/bio_get.lua b/src/lua/endpoints/bio_get.lua
index 18fac1d..447a973 100644
--- a/src/lua/endpoints/bio_get.lua
+++ b/src/lua/endpoints/bio_get.lua
@@ -45,10 +45,10 @@ local function bio_edit_get(req)
 errcode = 500,
 errcodemsg = "Server error",
 explanation = string.format([[
-Tried to get the biography of author %q (%d) but no author with that id was
+Tried to get the biography of author %q (%s) but no author with that id was
 found, please report this error.
-]], author, authorid),
- should_traceback=true
+]], tostring(author), tostring(authorid)),
+ should_traceback = true
 }
 stmnt_bio:reset()
 http_response(req,500,ret)
diff --git a/src/lua/endpoints/bio_post.lua b/src/lua/endpoints/bio_post.lua
index 2147356..ce96b17 100644
--- a/src/lua/endpoints/bio_post.lua
+++ b/src/lua/endpoints/bio_post.lua
@@ -24,6 +24,16 @@ local function edit_bio(req)
 local host = http_request_get_host(req) local path = http_request_get_path(req) local author, author_id = session.get(req) + if not (author and author_id) then local response = pages.error{ errcode = 401, errcodemsg = "Unauthorized", explanation = string.format("You must be logged in to edit a biography. Your login session may have expiried."), should_traceback = true, } http_response(req,401,response) return end http_request_populate_post(req) local text = http_argument_get_string(req,"text") or ""
@@ -36,7 +46,7 @@ local function edit_bio(req)
 db.sqlbind(stmnt_update_bio, "bind", 2, author_id)
 if db.do_sql(stmnt_update_bio) ~= sql.DONE then
 stmnt_update_bio:reset()
- error("Faled to update biography")
+ error("Failed to update biography")
 end
 stmnt_update_bio:reset()
 local loc = string.format("https://%s.%s",author,config.domain)
diff --git a/src/lua/endpoints/edit_post.lua b/src/lua/endpoints/edit_post.lua
index f604a19..f94ed56 100644
--- a/src/lua/endpoints/edit_post.lua
+++ b/src/lua/endpoints/edit_post.lua
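Review bot: The new unauthenticated branch in edit_bio sets `should_traceback = true` on a 401 response for a missing session, which is an expected client-side condition rather than a server fault; if `pages.error` renders the traceback into the page (its implementation is outside this diff), an unauthenticated client is handed internal file paths and call stacks, so omitting the field or setting `should_traceback = false` is the safer choice here and in the parallel 401 branch in edit_post.lua. The explanation also goes through `string.format` with no arguments and carries a typo, so it can be a plain literal: `explanation = "You must be logged in to edit a biography. Your login session may have expired.",`. `edit_bio` starts before this hunk and continues after it.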
@@ -55,7 +55,16 @@ local function edit_post(req)
 local data = stmnt_author_of:get_values()
 stmnt_author_of:reset()
 local realauthor = data[1]
- assert(realauthor == author_id) --Make sure the author of the story is the currently logged in user
+ if realauthor ~= author_id then local response = pages.error{ errcode = 401, errcodemsg = "Unauthorized", explanation = string.format("You are trying to edit post %d, but it is another user's post. You are %s.",storyid, author_id), should_traceback = true, } http_response(req,401,response) return end
 local parsed = parsers[markup](text)
 local compr_raw = zlib.compress(text)
 local compr = zlib.compress(parsed)
diff --git a/src/lua/pages.lua b/src/lua/pages.lua
index d340fda..8817644 100644
--- a/src/lua/pages.lua
+++ b/src/lua/pages.lua
@@ -27,20 +27,23 @@ for k,v in pairs(pagenames) do
 local parser = et.Parser() local f = assert(io.open(path,"r")) local fdata = assert(f:read("*a")) - local e,code = assert(xpcall(function() - return parser:compile_to_lua(fdata) - end,function(err) - return debug.traceback(string.format("Failed to parse %s: %s",path, err)) - end)) + local code, err = parser:compile_to_lua(fdata) + if not code then + errorf("Failed to parse %s: %s",path,err) + end local func, err = parser:load(code) if not func then error(string.format("Failed to load %s: %s",path, err)) end f:close() assert(func, "Failed to load " .. path) - pages[v] = function(...) - local buf = assert(parser:run(func,...)) - return table.concat(buf) + pages[v] = function(env) + assert(type(env) == "table","env must be a table") + local buff, err = parser:run(func,env) + if not buff then + errorf("Failed to render %s : %s", path, err) + end + return table.concat(buff) end end
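Review bot: The new ownership branch answers a logged-in user who does not own the story with `401`/"Unauthorized", but the session has already been resolved by this point, so the failure is an authorization one and `errcode = 403,`, `errcodemsg = "Forbidden",` and `http_response(req,403,response)` describe it accurately (401 tells clients to re-authenticate). As in the bio_post.lua hunk, `should_traceback = true` on an expected permission failure is worth reconsidering if `pages.error` includes the traceback in the response body. The message formats `storyid` with `%d`; where storyid comes from and whether it is already a number is outside the hunk, so `%s` is the robust choice unless it has been converted upstream. Note also that a `storyid` with no matching row leaves `data[1]` nil, which now yields the "another user's post" message rather than a not-found one. `edit_post` starts before the hunk and continues after it.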
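Review bot: On the new side of the pages.lua hunk, the context line `local func, err = parser:load(code)` that follows the added `+ end` re-declares `err`, shadowing the `err` introduced by the new `local code, err = parser:compile_to_lua(fdata)`; it works because the first `err` is only read inside the `if not code` block, but luacheck will flag the shadowing and a later edit that reads `err` after the load would silently get the wrong one. Renaming the added variable, `local code, compile_err = parser:compile_to_lua(fdata)` and `errorf("Failed to parse %s: %s",path,compile_err)`, keeps each error in its own name. `errorf` is not defined in the hunk; presumably it is one of the globals that global.lua provides (the spec change in this commit exempts that file from the global trap), so confirm it is in scope by the time pages.lua runs. Dropping the `xpcall`/`debug.traceback` wrapper also means parse failures no longer carry a traceback unless `errorf` adds one. The enclosing `for k,v in pairs(pagenames)` loop starts before the hunk.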