fix 11779 SQLReport can run arbitrary queries

lib/WebGUI/DatabaseLink.pm

@@ -383,6 +383,9 @@ sub queryIsAllowed {
 	my $self  = shift;
 	my $query = shift;
 
+    # Remove all comments before checking validity
+    $query =~ s{/[*].*?[*]/}{}g;
+
     my ($firstWord) = $query =~ /(\w+)/;
     $firstWord = lc $firstWord;
     return isIn($firstWord, split(/\s+/, lc $self->{_databaseLink}{allowedKeywords})) ? 1 : 0;