X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=models%2FUser.js;fp=models%2FUser.js;h=171dc2c2d0fb816ef684bbfcd3e49c10acd43819;hb=8ef618ef05070642849f50861399116c2d69a816;hp=6eff2735684af0271e0b753a94a1b278c9883589;hpb=ff1d4c3f43d8333e9629a8e59606c234cb10869f;p=vchess.git

diff --git a/models/User.js b/models/User.js
index 6eff2735..171dc2c2 100644
--- a/models/User.js
+++ b/models/User.js
@@ -14,6 +14,9 @@ var params = require("../config/parameters");
  *   notify: boolean (send email notifications for corr games)
  */
 
+// TODO: consider sanitizing http://www.unixwiz.net/techtips/sql-injection.html
+// But parameters are supposed to already be cleaned (in controller).
+
 // User creation
 exports.create = function(name, email, notify, callback)
 {