diff --git a/app/controllers/avatar_controller.rb b/app/controllers/avatar_controller.rb
index 52971121..7a276ae5 100644
--- a/app/controllers/avatar_controller.rb
+++ b/app/controllers/avatar_controller.rb
@@ -9,6 +9,7 @@ class AvatarController < ApplicationController
 def upload
 if params[:source_type] == "User" && !(User.current.admin? || User.current.id == params[:source_id].to_i)
 render_403
+ return
 end
 # Make sure that API users get used to set this content type
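Review bot: The ownership check on the `if` line is only evaluated when `params[:source_type] == "User"`, so a request with any other source type skips it and runs the rest of `upload`; whether those types are authorized further down is not visible, because the method body continues outside the hunk. If they are not, the guard should fail closed by rejecting unsupported types before the ownership test, e.g. `return render_403 unless ALLOWED_SOURCE_TYPES.include?(params[:source_type])` (the constant name is a suggestion, listing only the types this controller really serves). `params[:source_id].to_i` is also lenient (`"12abc".to_i` is 12), so the later record lookup should reuse that same integer rather than the raw parameter. A functional test asserting that a non-admin posting another user's id receives a 403 and that no avatar is written would pin the behaviour the added `return` restores.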