From 5d5825b61d2432dbb03467d08db71fb116bd8c63 Mon Sep 17 00:00:00 2001
From: "Marc J. Schmidt"
Date: Fri, 10 Jun 2016 15:55:16 +0200
Subject: [PATCH] Removed auto-usage of LIKE comparison when '*' or '%' is found in the value. Since this leads too easily to security issues, because its both not well described in the documentation and not expected in general. Usage of LIKE is still possible using Criteria::LIKE as second parameter.
---
 src/Propel/Generator/Builder/Om/QueryBuilder.php | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/Propel/Generator/Builder/Om/QueryBuilder.php b/src/Propel/Generator/Builder/Om/QueryBuilder.php
index 3dd3c23fcc..9afd7af162 100644
--- a/src/Propel/Generator/Builder/Om/QueryBuilder.php
+++ b/src/Propel/Generator/Builder/Om/QueryBuilder.php
@@ -1122,9 +1122,6 @@ public function filterBy$colPhpName(\$$variableName = null, \$comparison = null)
 if (null === \$comparison) {
 if (is_array(\$$variableName)) {
 \$comparison = Criteria::IN;
- } elseif (preg_match('/[\%\*]/', \$$variableName)) {
- \$$variableName = str_replace('*', '%', \$$variableName);
- \$comparison = Criteria::LIKE;
 }
 }";
 } elseif ($col->isBooleanType()) {