Index: wp-includes/query.php
===================================================================
--- wp-includes/query.php	(revision 6757)
+++ wp-includes/query.php	(working copy)
@@ -1150,7 +1150,7 @@
 			$q['orderby'] = 'post_date '.$q['order'];
 		} else {
 			// Used to filter values
-			$allowed_keys = array('author', 'date', 'category', 'title', 'modified', 'menu_order', 'parent', 'ID');
+			$allowed_keys = array('author', 'date', 'category', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand');
 			$q['orderby'] = urldecode($q['orderby']);
 			$q['orderby'] = addslashes_gpc($q['orderby']);
 			$orderby_array = explode(' ',$q['orderby']);
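Review bot: Adding `'rand'` to `$allowed_keys` lets whatever supplies `$q['orderby']` select random ordering, and the `urldecode()` and `addslashes_gpc()` calls just below suggest that value can come from the request. `ORDER BY RAND()` makes the database sort the whole matching set on every call and the result cannot be reused from a query cache, so if anonymous visitors can reach it, it is an inexpensive way to load the database. It also gives unstable paging, because each page request reshuffles the set. Consider accepting `rand` only when the query is built by theme or plugin code, or at least record the cost next to the list: `// 'rand' maps to RAND(): full uncacheable sort, unstable across pages`. The enclosing function starts and ends outside the hunk.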
@@ -1160,8 +1160,16 @@
 			for ($i = 0; $i < count($orderby_array); $i++) {
 				// Only allow certain values for safety
 				$orderby = $orderby_array[$i];
-				if ( !('menu_order' == $orderby || 'ID' == $orderby ))
-					$orderby = 'post_' . $orderby;
+				switch ($orderby) {
+					case 'menu_order':
+					case 'ID':
+						break;
+					case 'rand':
+						$orderby = 'RAND()';
+						break;
+					default:
+						$orderby = 'post_' . $orderby;
+				}
 				if ( in_array($orderby_array[$i], $allowed_keys) )
 					$q['orderby'] .= (($i == 0) ? '' : ',') . $orderby;
 			}
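Review bot: The allow-list test `in_array($orderby_array[$i], $allowed_keys)` runs only after the new `switch` has already rewritten `$orderby`, and it compares loosely, so the one check that keeps request text out of the ORDER BY clause is easy to overlook or break when another `case` is added. Put it first as a strict guard, `if ( !in_array($orderby_array[$i], $allowed_keys, true) ) continue;`, so the `switch` only handles accepted tokens. The separator is chosen by `$i == 0` rather than by whether anything has been appended yet, so a rejected first token followed by an accepted one appears to yield a leading comma. Testing `'' === $q['orderby']` instead would be safer, assuming the string is emptied before the loop, which the hunk does not show. The `for` body sits in a function that starts and ends outside the hunk.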
