I found strange behaivour. Simple example, register form.
if ($this->isPost('User')) {
$oUser->attributes = $_POST['User'];
// ...
if ($oUser->validate()) { // is true
$oUser->password = $oUser->hashPassword($oUser->password); // blowfish
$oUser->save(); // is not saving! receive errors on 'passwords not matched'
But I wonder, why validation is executed before save(). I thought that save and validate is not connected. So if we want to check validation we use validate() before execute save()…
If validation is performed by default before save, it ensures that the attributes match the rules before persisting them. If this wasn’t the case, you’d have to call validate() before every call to save(), and if you forgot to do this, you’d be opening a potential security hole. It’s far safer for validation to occur on save by default.