Index: wp-includes/query.php
===================================================================
--- wp-includes/query.php	(revision 6702)
+++ wp-includes/query.php	(working copy)
@@ -1123,7 +1123,7 @@
 			$q['orderby'] = 'post_date '.$q['order'];
 		} else {
 			// Used to filter values
-			$allowed_keys = array('author', 'date', 'category', 'title', 'modified', 'menu_order', 'parent', 'ID');
+			$allowed_keys = array('author', 'date', 'category', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand');
 			$q['orderby'] = urldecode($q['orderby']);
 			$q['orderby'] = addslashes_gpc($q['orderby']);
 			$orderby_array = explode(' ',$q['orderby']);
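Review bot: The comment `// Used to filter values` above `$allowed_keys` no longer describes the list accurately, because `rand` is not a post column but a token that the loop in the next hunk rewrites to `RAND()`. This array appears to be the check that decides which tokens from `$q['orderby']` reach the ORDER BY clause, so I would spell that out, e.g. `// Whitelist of orderby tokens; 'rand' is not a column and is mapped to RAND() in the loop below`. The enclosing function starts and ends outside the hunk.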
@@ -1133,8 +1133,10 @@
 			for ($i = 0; $i < count($orderby_array); $i++) {
 				// Only allow certain values for safety
 				$orderby = $orderby_array[$i];
-				if ( !('menu_order' == $orderby || 'ID' == $orderby ))
+				if ( !('menu_order' == $orderby || 'ID' == $orderby || 'rand' == $orderby ) )
 					$orderby = 'post_' . $orderby;
+				if ( 'rand' == $orderby ) 
+					$orderby = 'RAND()'; 
 				if ( in_array($orderby_array[$i], $allowed_keys) )
 					$q['orderby'] .= (($i == 0) ? '' : ',') . $orderby;
 			}
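Review bot: `ORDER BY RAND()` becomes selectable through `$q['orderby']` with no restriction on who may ask for it, and the `urldecode`/`addslashes_gpc` handling in the previous hunk suggests that value can arrive from the request. RAND() ordering cannot use an index, so the database has to sort every matching row on each such request, which makes it a cheap way to load the server if the parameter is publicly reachable. Consider honouring `rand` only when the query is built by code rather than from the URL, or at least record the cost next to the mapping, e.g. `// RAND() forces a full sort of the matched rows; avoid on large result sets`. On the injection side the change looks safe, since the emitted text is the fixed literal `RAND()` and the `in_array` test that follows still checks the original token. The loop's enclosing function starts and ends outside the hunk.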
