From cb517fda9e3fc95e714dabfdb25bf71dabefc7a6 Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Thu, 12 Sep 2013 15:27:23 +0200
Subject: [PATCH] Safety note on DataObject::$validation_enabled

---
 model/DataObject.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/model/DataObject.php b/model/DataObject.php
index 3d7a730fe..f27a3c8e7 100644
--- a/model/DataObject.php
+++ b/model/DataObject.php
@@ -141,6 +141,9 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
 	/**
 	 * @config
 	 * @var boolean Should dataobjects be validated before they are written?
+	 * Caution: Validation can contain safeguards against invalid/malicious data,
+	 * and check permission levels (e.g. on {@link Group}). Therefore it is recommended
+	 * to only disable validation for very specific use cases.
 	 */
 	private static $validation_enabled = true;