Update the public key for public contacts if the key was empty before

diff --git a/src/Object/Contact.php b/src/Object/Contact.php
index 64e61b9ce2a06253f4ec78b5b3f9d6181378cb22..f72ec025a4dbda0bcbba72a56acb8068ccb6569c 100644 (file)
--- a/src/Object/Contact.php
+++ b/src/Object/Contact.php
@@ -694,7 +694,8 @@ class Contact extends BaseObject
 
                self::updateAvatar($data["photo"], $uid, $contact_id);
 
-               $contact = dba::select('contact', array('url', 'nurl', 'addr', 'alias', 'name', 'nick', 'keywords', 'location', 'about', 'avatar-date'), array('id' => $contact_id), array('limit' => 1));
+               $fields = array('url', 'nurl', 'addr', 'alias', 'name', 'nick', 'keywords', 'location', 'about', 'avatar-date', 'pubkey');
+               $contact = dba::select('contact', $fields, array('id' => $contact_id), array('limit' => 1));
 
                // This condition should always be true
                if (!DBM::is_result($contact)) {
@@ -708,6 +709,13 @@ class Contact extends BaseObject
                        'name' => $data['name'],
                        'nick' => $data['nick']);
 
+               // Only fill the pubkey if it was empty before. We have to prevent identity theft.
+               if (!empty($contact['pubkey'])) {
+                       unset($contact['pubkey']);
+               } else {
+                       $updated['pubkey'] = $data['pubkey'];
+               }
+
                if ($data['keywords'] != '') {
                        $updated['keywords'] = $data['keywords'];
                }