Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

84017: Merged V4.2-BUG-FIX (4.2.4) to HEAD-BUG-FIX (5.0/Cloud)
      82509: Merged V4.1-BUG-FIX (4.1.10) to V4.2-BUG-FIX (4.2.4)
         82351: MNT-12272: Merged DEV to V4.1-BUG-FIX (4.1.10)
            82330: MNT-12272: Possible sql injection in /api/workflow-instances
               - Set exluded definitions for query using parameter binding


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@84613 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/workflow/jbpm/JBPMEngine.java

@@ -941,11 +941,15 @@ public class JBPMEngine extends AlfrescoBpmEngine implements WorkflowEngine
                     {
                         processSelect.append(" join process.processDefinition as definition");
                     }
+                    int exDefNum = 0;
                     for (String exDef : exludedDefs)
                     {
+                        exDefNum++;
+                        String varExDef = "varExDef" + exDefNum;
                         exDef = BPMEngineRegistry.getLocalId(exDef);
                         exDef = exDef.replaceAll("\\*", "%");
-                        processWhere.append(" and definition.name not like '").append(exDef).append("'");
+                        processWhere.append(" and definition.name not like :").append(varExDef);
+                        processMap.put(varExDef, exDef);
                     }
                 }