Removed auto-usage of LIKE comparison when '*' or '%' is found in the

value. Since this leads too easily to security issues, because its both not well described in the documentation and not expected in general. Usage of LIKE is still possible using Criteria::LIKE as second parameter.
propelorm · Jun 10, 2016 · 5d5825b · 5d5825b
1 parent 4911238
commit 5d5825b
Showing 1 changed file with 0 additions and 3 deletions.
diff --git a/src/Propel/Generator/Builder/Om/QueryBuilder.php b/src/Propel/Generator/Builder/Om/QueryBuilder.php
@@ -1122,9 +1122,6 @@ public function filterBy$colPhpName(\$$variableName = null, \$comparison = null)
         if (null === \$comparison) {
             if (is_array(\$$variableName)) {
                 \$comparison = Criteria::IN;
-            } elseif (preg_match('/[\%\*]/', \$$variableName)) {
-                \$$variableName = str_replace('*', '%', \$$variableName);
-                \$comparison = Criteria::LIKE;
             }
         }";
         } elseif ($col->isBooleanType()) {