diff --git a/lib/Cake/Controller/Controller.php b/lib/Cake/Controller/Controller.php
index 05878f8ac..e9d5c6657 100644
--- a/lib/Cake/Controller/Controller.php
+++ b/lib/Cake/Controller/Controller.php
@@ -1049,10 +1049,14 @@ class Controller extends CakeObject implements CakeEventListener {
 			$op = '';
 		}
+		$allowedChars = '#[^a-zA-Z0-9_ ]#';
 		$arrayOp = is_array($op);
 		foreach ($data as $model => $fields) {
+			if (preg_match($allowedChars, $model)) {
+				throw new RuntimeException("Unsafe operator found in {$model}");
+			}
 			foreach ($fields as $field => $value) {
-				if (preg_match('#[^a-zA-Z0-9_ ]#', $field)) {
+				if (preg_match($allowedChars, $field)) {
 					throw new RuntimeException("Unsafe operator found in {$model}.{$field}");
 				}
 				$key = $model . '.' . $field;
diff --git a/lib/Cake/Test/Case/Controller/ControllerTest.php b/lib/Cake/Test/Case/Controller/ControllerTest.php
index 716d9019f..686520df6 100644
--- a/lib/Cake/Test/Case/Controller/ControllerTest.php
+++ b/lib/Cake/Test/Case/Controller/ControllerTest.php
@@ -1199,6 +1199,9 @@ class ControllerTest extends CakeTestCase {
 			array(
 				array('Posts' => array('id IS NULL union all select posts.* from posts where id; --' => 1))
 			),
+			array(
+				array('Post.id IS NULL; --' => array('id' => 1))
+			),
 		);
 	}
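Review bot: `$allowedChars` on the first added line names the pattern backwards — `#[^a-zA-Z0-9_ ]#` is a negated character class, so a match means the key contains a character that is not allowed, and both added `preg_match` calls throw on a match. A name such as `$unsafeChars`, or a comment like `// matches any character outside the safe set; a hit means reject`, would keep a later reader from inverting the check. Separately, the pattern still admits spaces; that is needed for field keys such as `id IS NULL`, but if `$model` keys are always model aliases, a stricter pattern for the model check (e.g. `'#[^a-zA-Z0-9_]#'`) would be tighter — hedged, since the alias rules are not visible here. The enclosing method starts and ends outside the hunk.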
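Review bot: The added dataset only exercises the rejection path for a model key containing `;` and `--`; no companion case is visible showing that a well-formed model key with the same field shape (e.g. `array('Post' => array('id' => 1))`) still passes the new model check, so an over-broad pattern would go unnoticed by this provider. If such a positive case already exists elsewhere in the file this can be disregarded; otherwise consider adding it alongside the new entry. The provider method closes inside the hunk but its start and the test that consumes it are outside, so which assertion these rows feed is not visible here.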