
Patch for potential Sql injection in ORDER()

Enrico Zimuel 11 lat temu
rodzic
commit
da09186c60
2 zmienionych plików z 11 dodań i 1 usunięć
  1. 1 1
      library/Zend/Db/Select.php
  2. 10 0
      tests/Zend/Db/Select/TestCommon.php

+ 1 - 1
library/Zend/Db/Select.php

@@ -601,7 +601,7 @@ class Zend_Db_Select
                     $val = trim($matches[1]);
                     $direction = $matches[2];
                 }
-                if (preg_match('/\(.*\)/', $val)) {
+                if (preg_match('/^[\w]*\(.*\)$/', $val)) {
                     $val = new Zend_Db_Expr($val);
                 }
                 $this->_parts[self::ORDER][] = array($val, $direction);
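Review bot: The tightened pattern on the `+` line still accepts any characters between the first `(` and the final `)`, because `.*` matches `;` and `)` as well, so a value that merely starts with an identifier and a parenthesis and ends with a parenthesis is still promoted to `Zend_Db_Expr` and emitted unquoted whatever sits in the middle. A narrower heuristic such as `if (preg_match('/^\w+\([^;]*\)$/', $val)) {` would at least refuse statement separators (and drops the redundant brackets around `\w`), but the robust fix is to stop inferring trust from string shape: keep plain strings quoted and have callers pass expressions as `Zend_Db_Expr` explicitly, which the existing `order()` API already supports via the same branch. If that is too large a behaviour change for callers, a comment above the check stating that this is a best-effort heuristic and that `Zend_Db_Expr` is the supported way to pass raw expressions would at least document the limit. The enclosing `order()` method starts and ends outside the hunk.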

+ 10 - 0
tests/Zend/Db/Select/TestCommon.php

@@ -1757,4 +1757,14 @@ abstract class Zend_Db_Select_TestCommon extends Zend_Db_TestSetup
         $this->assertRegexp("/ON {$table2_alias}.{$colname}/s", $select->assemble());
     }
 
+    public function testSqlInjectionWithOrder()
+    {
+    	$select = $this->_db->select();
+    	$select->from(array('p' => 'products'))->order('MD5(1);select');
+    	$this->assertEquals($select, 'SELECT "p".* FROM "products" AS "p" ORDER BY "MD5(1);select" ASC');
+    	
+    	$select = $this->_db->select();
+    	$select->from(array('p' => 'products'))->order('name;select;MD5(1)');
+    	$this->assertEquals($select, 'SELECT "p".* FROM "products" AS "p" ORDER BY "name;select;MD5(1)" ASC');
+    }
 }
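Review bot: Both `assertEquals` calls pass the `$select` object as the first argument and the expected SQL as the second, so PHPUnit's expected/actual roles are reversed and the comparison relies on implicit `__toString()`; write them as `$this->assertEquals('SELECT "p".* FROM "products" AS "p" ORDER BY "MD5(1);select" ASC', $select->assemble());` and likewise for the second case. The test only exercises inputs that must be quoted, so a legitimate expression such as `order('MD5(1)')` asserting the value is emitted unquoted is missing and would catch a future tightening of the regex that breaks function calls in ORDER BY. The new method also indents its body with a tab after four spaces and leaves a tab-only line between the two cases, unlike the surrounding space-indented file.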