Index: wp-includes/class-wp-term-query.php
===================================================================
--- wp-includes/class-wp-term-query.php	(revision 43547)
+++ wp-includes/class-wp-term-query.php	(working copy)
@@ -388,18 +388,36 @@
 			}
 		}
 
-		// 'term_order' is a legal sort order only when joining the relationship table.
-		$_orderby = $this->query_vars['orderby'];
-		if ( 'term_order' === $_orderby && empty( $this->query_vars['object_ids'] ) ) {
-			$_orderby = 'term_id';
+		$order          = '';
+		$orderby        = '';
+		$_orderby       = $this->query_vars['orderby'];
+		$_orderby_array = array();
+
+		if ( ! is_array( $_orderby ) ) {
+			$_order   = $this->parse_order( $this->query_vars['order'] );
+			$_orderby = explode( ' ', $_orderby );
+			$_orderby = array_fill_keys( $_orderby, $_order );
 		}
-		$orderby = $this->parse_orderby( $_orderby );
 
-		if ( $orderby ) {
-			$orderby = "ORDER BY $orderby";
+		foreach ( $_orderby as $__orderby => $_order ) {
+			// 'term_order' is a legal sort order only when joining the relationship table.
+			if ( 'term_order' === $__orderby && empty( $this->query_vars['object_ids'] ) ) {
+				$__orderby = 'term_id';
+			}
+			$__orderby = addslashes_gpc( urldecode( $__orderby ) );
+			$parsed    = $this->parse_orderby( $__orderby );
+			// Only allow certain values for safety.
+			if ( ! $parsed ) {
+				continue;
+			}
+
+			$_orderby_array[] = $parsed . ' ' . $this->parse_order( $_order );
 		}
 
-		$order = $this->parse_order( $this->query_vars['order'] );
+		$_orderby = implode( ', ', $_orderby_array );
+		if ( $_orderby ) {
+			$orderby = "ORDER BY $_orderby";
+		}
 
 		if ( $taxonomies ) {
 			$this->sql_clauses['where']['taxonomy'] = "tt.taxonomy IN ('" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "')";