Unsafe data being saved to answers when created
ghelton opened this issue · comments
Grant Helton commented
instead of deleting answer.points
we should be creating a new object with the exact values we need
answer.controller.js
exports.post = function(req, res) {
var answer = req.body;
var points = answer.points;
var user_id = req._user.id;
delete answer.points;
Answer.forge()
.save(answer, {debug:false, required:true})
.then(function(model){
//mark question as answered
...