$this->validator->getValidated() looks stupid and unnecessary
#3

(10-09-2023, 07:51 AM)sammyskills Wrote: From the docs:

Quote:The actual validated data can be retrieved with the getValidated() method. This method returns an array of only those elements that have been validated by the validation rules.

Quote:if $this->validate() returns true then we can be sure about the submitted data.

No, this is not true. You can only be sure of the data that was VALIDATED and not all the submitted data. An attacker, for example, can send some other data to your form, and it will be included in the request, and since it is not being validated (no rules set), the submitted data may contain more than what you envisaged.

So, to be sure that you are only retrieving or using the exact data that you expect, getValidated() does the trick. Before now, you may be doing something like so:

PHP Code:
if ($this->validate($rules)) {
    $postRequest = $this->request->getPost(); // this may also contain some unexpected data.
}


PS: You could have made your point or request without using derogatory words.

I'm sorry, but your reply doesn't make any sense to me.

Of course, fields that were not set in the validation rule set should not be trusted. It's a no-brainer thing. And we do it intentionally sometimes, because there are some situations where we don't want some fields to be validated. And we know the fact that only the fields that are in the validation rule set can be trusted.

I think it's kinda an unnecessary thing to use two different variables to access both valid data and unsure data, like:

$validData = $this->validator->getValidated();
$validAndInvalidData = $this->request->getPost();

Instead, the programmer can use only the $validAndInvalidData = $this->request->getPost(); and he/she should know what fields should be trusted and what should not.

Still, if I'm missing something here, please correct me. I know I could be wrong.

Thanks for the reply.
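The difference the two posts are discussing, as an added example that is not part of either post and is not CodeIgniter's own code. It is plain PHP with no framework: `onlyValidated()` and `buildUpdate()` are hypothetical stand-ins (for "keep only the fields that have a rule" and for a model update), the request body is constructed, and validation is assumed to have passed.

```php
<?php
// Added illustration; plain PHP, not CodeIgniter's implementation.

// Constructed request body: the form only offers "username" and "email",
// but the client appended a field the form never had.
$post = [
    'username' => 'alice',
    'email'    => 'alice@example.com',
    'role'     => 'admin', // unexpected extra field, no rule covers it
];

// Rules in the style passed to $this->validate($rules); only these keys are checked.
$rules = [
    'username' => 'required',
    'email'    => 'required',
];

// Hypothetical stand-in for the behaviour the docs describe for getValidated():
// return only the elements that have a validation rule.
function onlyValidated(array $input, array $rules): array
{
    return array_intersect_key($input, $rules);
}

// Hypothetical stand-in for a model update: every key in $data becomes a
// column assignment, which is how an unvalidated field reaches the database.
function buildUpdate(array $data): string
{
    $cols = array_map(fn (string $k): string => "$k = :$k", array_keys($data));

    return 'UPDATE users SET ' . implode(', ', $cols) . ' WHERE id = :id';
}

// Whole POST array handed on after validation passed: "role" is in the statement.
echo buildUpdate($post), PHP_EOL;

// Validated subset handed on: only the two fields that have rules remain.
echo buildUpdate(onlyValidated($post, $rules)), PHP_EOL;
```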


Messages In This Thread
RE: $this->validator->getValidated() looks stupid and unnecessary - by MrWhite - 10-09-2023, 08:35 AM


