From 871440a7dfdb6e5b81b204ee36a587476859d86e Mon Sep 17 00:00:00 2001
From: "marcelo.cuiza"
Date: Mon, 23 Mar 2015 18:44:23 -0400
Subject: [PATCH] PM-1918 La instalacion de PM se queda congelada debido a las correcciones a las injecciones SQL y XSS error de sintaxis
---
 workflow/engine/controllers/installer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/workflow/engine/controllers/installer.php b/workflow/engine/controllers/installer.php
index cf03a5809..d1c19d0a1 100755
--- a/workflow/engine/controllers/installer.php
+++ b/workflow/engine/controllers/installer.php
@@ -1285,7 +1285,7 @@ class Installer extends Controller
 }
 $db_username = $filter->validateInput($db_username, 'nosql');
 $db_hostname = $filter->validateInput($db_hostname, 'nosql');
- $query = "SELECT * FROM `information_schema`.`USER_PRIVILEGES` where (GRANTEE = \"'%s'@'%s'\" OR GRANTEE = \"'%s'@'%'\") ";
+ $query = "SELECT * FROM `information_schema`.`USER_PRIVILEGES` where (GRANTEE = \"'%s'@'%s'\" OR GRANTEE = \"'%s'@'%%'\") ";
 $query = $filter->preventSqlInjection($query, array($db_username, $db_hostname, $db_username));
 $res = @mysql_query( $query, $link );
 $row = @mysql_fetch_array( $res );
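Review bot: The `@` on `mysql_query` and `mysql_fetch_array` in the trailing context lines suppresses the very class of failure this commit repairs: if the formatted query is malformed, `$res` is `false` and the fetch runs on it with no visible error, which presumably contributed to the installer appearing to hang. Check the result before fetching, for example `if ($res === false) { error_log(mysql_error($link)); }` followed by the method's failure path, and drop the `@` operators. The `%%` correction also implies that `preventSqlInjection` treats the query as a printf-style template, so any other query routed through it that contains a literal `%` (a LIKE pattern, for instance) likely needs the same doubling and is worth auditing. The enclosing method starts and ends outside the hunk, so the appropriate failure return is not visible here.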