Merge pull request #9097 from kenjis/docs-model-validation

docs: improve In-Model Validation

Author: kenjis

user_guide_src/source/libraries/validation.rst

@@ -476,6 +476,8 @@ the validation rules.
 .. literalinclude:: validation/045.php
    :lines: 2-
 
+.. _saving-validation-rules-to-config-file:
+
 Saving Sets of Validation Rules to the Config File
 ==================================================
 
@@ -875,6 +877,8 @@ Or you can use the following parameters:
 .. literalinclude:: validation/047.php
    :lines: 2-
 
+.. _validation-available-rules:
+
 ***************
 Available Rules
 ***************

user_guide_src/source/models/model.rst

@@ -243,13 +243,13 @@ $validationRules
 
 Contains either an array of validation rules as described in :ref:`validation-array`
 or a string containing the name of a validation group, as described in the same section.
-Described in more detail below.
+See also :ref:`model-setting-validation-rules`.
 
 $validationMessages
 ^^^^^^^^^^^^^^^^^^^
 
 Contains an array of custom error messages that should be used during validation, as
-described in :ref:`validation-custom-errors`. Described in more detail below.
+described in :ref:`validation-custom-errors`. See also :ref:`model-setting-validation-rules`.
 
 $skipValidation
 ^^^^^^^^^^^^^^^
@@ -649,11 +649,14 @@ Cleans out the database table by permanently removing all rows that have 'delete
 In-Model Validation
 ===================
 
+.. warning:: In-Model validation is performed just before data is stored in the
+    database. Prior to that point, the data has not yet been validated. Processing
+    user-input data prior to validation may introduce vulnerabilities.
+
 Validating Data
 ---------------
 
-For many people, validating data in the model is the preferred way to ensure the data is kept to a single
-standard, without duplicating code. The Model class provides a way to automatically have all data validated
+The Model class provides a way to automatically have all data validated
 prior to saving to the database with the ``insert()``, ``update()``, or ``save()`` methods.
 
 .. important:: When you update data, by default, the validation in the model class only
@@ -668,16 +671,24 @@ prior to saving to the database with the ``insert()``, ``update()``, or ``save()
     To avoid such glitches, this behavior can be changed by configuration. See
     :ref:`clean-validation-rules` for details.
 
+.. _model-setting-validation-rules:
+
 Setting Validation Rules
 ------------------------
 
-The first step is to fill out the `$validationRules`_ class property with the fields and rules that should
-be applied. If you have custom error message that you want to use, place them in the `$validationMessages`_ array:
+The first step is to fill out the `$validationRules`_ class property with the
+fields and rules that should be applied.
+
+.. note:: You can see the list of built-in Validation rules in :ref:`validation-available-rules`.
+
+If you have custom error message that you want to use, place them in the `$validationMessages`_ array:
 
 .. literalinclude:: model/027.php
 
-If you'd rather organize your rules and error messages within the Validation configuration file, you can do that
-and simply set `$validationRules`_ to the name of the validation rule group you created:
+If you'd rather organize your rules and error messages within the
+:ref:`Validation Config File <saving-validation-rules-to-config-file>`, you can
+do that and simply set `$validationRules`_ to the name of the validation rule
+group you created:
 
 .. literalinclude:: model/034.php