diff --git a/lib/Service/LabelService.php b/lib/Service/LabelService.php
index 48ccb89e1..098c95293 100644
--- a/lib/Service/LabelService.php
+++ b/lib/Service/LabelService.php
@@ -70,6 +70,7 @@ class LabelService {
 	 * @throws \OCA\Deck\NoPermissionException
 	 * @throws \OCP\AppFramework\Db\DoesNotExistException
 	 * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
+	 * @throws BadRequestException
 	 */
 	public function create($title, $color, $boardId) {
 
@@ -103,6 +104,7 @@ class LabelService {
 	 * @throws \OCA\Deck\NoPermissionException
 	 * @throws \OCP\AppFramework\Db\DoesNotExistException
 	 * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
+	 * @throws BadRequestException
 	 */
 	public function delete($id) {
 
@@ -126,6 +128,7 @@ class LabelService {
 	 * @throws \OCA\Deck\NoPermissionException
 	 * @throws \OCP\AppFramework\Db\DoesNotExistException
 	 * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
+	 * @throws BadRequestException
 	 */
 	public function update($id, $title, $color) {
 
diff --git a/lib/Service/StackService.php b/lib/Service/StackService.php
index e8bcacaf3..b30c94296 100644
--- a/lib/Service/StackService.php
+++ b/lib/Service/StackService.php
@@ -276,8 +276,18 @@ class StackService {
 	 * @throws \OCA\Deck\NoPermissionException
 	 * @throws \OCP\AppFramework\Db\DoesNotExistException
 	 * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
+	 * @throws BadRequestException
 	 */
 	public function reorder($id, $order) {
+
+		if (is_numeric($id) === false) {
+			throw new BadRquestException('id must be a number');
+		}
+
+		if ($order === false || $order === null) {
+			throw new BadRequestException('order must be provided');
+		}
+
 		$this->permissionService->checkPermission($this->stackMapper, $id, Acl::PERMISSION_EDIT);
 		$stackToSort = $this->stackMapper->find($id);
 		$stacks = $this->stackMapper->findAll($stackToSort->getBoardId());