With the last release announcement of ZF 1.12.8 we didn't place enough
attention on #418 (https://github.com/zendframework/zf1/pull/418).
This patch can introduce a potential BC break if your code uses complex SQL
statements (for example, using sub-functions or nested functions).
I did this PR to improve the fix introduced with security advisory ZF2014-04 (
http://framework.zend.com/security/advisory/ZF2014-04) after we received
additional information from reeearchers. I changed the regular expression in the
order(), from(), and group() methods to be more restrictive; unfortunately
this change can break some code.
To fix code affected by these changes, you can use Zend_Db_Expr() in
or oder() functions.
For instance, this is a case where the PR #418 breaks a SQL statement:
ORDER BY DATE_FORMAT( FROM_UNIXTIME( u.expires )) ASC