diff --git a/src/controllers/accounts/edit.js b/src/controllers/accounts/edit.js
index 397d7c2aa3..c050ea422c 100644
--- a/src/controllers/accounts/edit.js
+++ b/src/controllers/accounts/edit.js
@@ -134,6 +134,7 @@ editController.uploadPicture = async function (req, res, next) {
 		await user.checkMinReputation(req.uid, updateUid, 'min:rep:profile-picture');
 
 		const image = await user.uploadCroppedPictureFile({
+			callerUid: req.uid,
 			uid: updateUid,
 			file: userPhoto,
 		});
diff --git a/src/socket.io/user/picture.js b/src/socket.io/user/picture.js
index 99797a418d..7b900513ed 100644
--- a/src/socket.io/user/picture.js
+++ b/src/socket.io/user/picture.js
@@ -38,10 +38,11 @@ module.exports = function (SocketUser) {
 			data.bgColor = validBackgrounds[0];
 		}
 
-		await user.setUserFields(data.uid, {
-			picture,
+		await user.updateProfile(socket.uid, {
+			uid: data.uid,
+			picture: picture,
 			'icon:bgColor': data.bgColor,
-		});
+		}, ['picture', 'icon:bgColor']);
 	};
 
 	SocketUser.removeUploadedPicture = async function (socket, data) {
diff --git a/src/user/picture.js b/src/user/picture.js
index 8e42405235..1cfda9ebef 100644
--- a/src/user/picture.js
+++ b/src/user/picture.js
@@ -108,10 +108,11 @@ module.exports = function (User) {
 		});
 
 		await deleteCurrentPicture(data.uid, 'uploadedpicture');
-		await User.setUserFields(data.uid, {
+		await User.updateProfile(data.callerUid, {
+			uid: data.uid,
 			uploadedpicture: uploadedImage.url,
 			picture: uploadedImage.url,
-		});
+		}, ['uploadedpicture', 'picture']);
 		return uploadedImage;
 	};
 
diff --git a/src/user/profile.js b/src/user/profile.js
index f8d6ab787a..ba68b7ae0c 100644
--- a/src/user/profile.js
+++ b/src/user/profile.js
@@ -1,6 +1,7 @@
 
 'use strict';
 
+const _ = require('lodash');
 const async = require('async');
 const validator = require('validator');
 const winston = require('winston');
@@ -13,11 +14,14 @@ const groups = require('../groups');
 const plugins = require('../plugins');
 
 module.exports = function (User) {
-	User.updateProfile = async function (uid, data) {
+	User.updateProfile = async function (uid, data, extraFields) {
 		let fields = [
 			'username', 'email', 'fullname', 'website', 'location',
 			'groupTitle', 'birthday', 'signature', 'aboutme',
 		];
+		if (Array.isArray(extraFields)) {
+			fields = _.uniq(fields.concat(extraFields));
+		}
 		if (!data.uid) {
 			throw new Error('[[error:invalid-update-uid]]');
 		}
diff --git a/test/user.js b/test/user.js
index ac5e60e7bc..cba9bf0e02 100644
--- a/test/user.js
+++ b/test/user.js
@@ -871,7 +871,7 @@ describe('User', () => {
 					signature: 'nodebb is good',
 					password: '123456',
 				};
-				socketUser.updateProfile({ uid: uid }, { ...data, password: '123456' }, (err, result) => {
+				socketUser.updateProfile({ uid: uid }, { ...data, password: '123456', invalid: 'field' }, (err, result) => {
 					assert.ifError(err);
 
 					assert.equal(result.username, 'updatedUserName');
@@ -887,6 +887,8 @@ describe('User', () => {
 								assert(userData[key].startsWith('$2a$'));
 							}
 						});
+						// updateProfile only saves valid fields
+						assert.strictEqual(userData.invalid, undefined);
 						done();
 					});
 				});