Thread:Extension talk:RandomPageSettings/Bad code

This doesn't look very well coded. Even besides the whole hack of assuming that people use /wiki/$1 action urls. If it weren't for the fact that a ' gets turned into a %## by rawurlencode this extension would have a blatant open SQL injection vulnerability. This extension should be properly quoting its user input.

It's also messed up in how it escapes for comparison against page_title:
 * Any _ in the article path will match any single character
 * Anything that gets urlencoded by rawurlencode will end up as a %## which is not the format that said text will use inside the actual database
 * Additionally because of the nature of the '%' in a like any special character will actually introduce wildcard matching into the like query.

We have a proper method to use for building LIKE queries, this extension should make use of that. It should also consider using Title::'s functionality to properly normalize titles and ignore illegal titles.
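The three comparison failures listed above, reproduced in an added example that is not the extension's code and not MediaWiki's own helper (in MediaWiki core that helper is `IDatabase::buildLike()`, used together with `anyString()`): a small in-memory SQLite table stands in for the `page` table, `naive_match()` drops the rawurlencoded path value straight into `LIKE` as the flawed extension does, and `proper_match()` decodes it, normalises spaces to underscores the way `page_title` stores them, escapes the LIKE metacharacters and binds the value as a parameter. The sample titles and the `escape_like()` helper are constructed for this illustration.

```python
import sqlite3
import urllib.parse

# Constructed sample rows (not from the thread): titles exactly as stored in
# page_title, i.e. underscores for spaces, no URL encoding, raw ' and %.
SAMPLE_TITLES = ["Foo_Bar", "FooXBar", "Foo%Bar", "Foo_stuff_25Bar", "O'Brien"]


def make_db():
    """Build a throwaway in-memory table that stands in for the page table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE page (page_title TEXT)")
    conn.executemany("INSERT INTO page VALUES (?)", [(t,) for t in SAMPLE_TITLES])
    return conn


def escape_like(value):
    """Escape LIKE metacharacters so the value matches literally.
    Backslash is declared as the escape character via ESCAPE below, so it
    must be escaped first."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def naive_match(conn, url_segment):
    """Flawed approach: the title as it appears in the URL (rawurlencoded,
    so ' is %27 and % is %25) is used as the LIKE pattern with no decoding
    and no escaping. It is bound as a parameter here, so this reproduces
    only the wildcard and encoding mismatches, not the quoting problem."""
    rows = conn.execute(
        "SELECT page_title FROM page WHERE page_title LIKE ?", (url_segment,)
    )
    return sorted(r[0] for r in rows)


def proper_match(conn, url_segment):
    """Decode the URL component, convert spaces to underscores as page_title
    stores them, escape % and _ so they match literally, and bind the
    pattern as a parameter instead of splicing it into the SQL string."""
    db_title = urllib.parse.unquote(url_segment).replace(" ", "_")
    pattern = escape_like(db_title)
    rows = conn.execute(
        "SELECT page_title FROM page WHERE page_title LIKE ? ESCAPE '\\'",
        (pattern,),
    )
    return sorted(r[0] for r in rows)


def titles_with_prefix(conn, prefix):
    """The one legitimate use of a wildcard: a literal prefix followed by
    an 'any string' wildcard, which is the shape buildLike() produces."""
    pattern = escape_like(prefix) + "%"
    rows = conn.execute(
        "SELECT page_title FROM page WHERE page_title LIKE ? ESCAPE '\\'",
        (pattern,),
    )
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = make_db()
    # Unescaped _ matches any single character: three pages instead of one.
    print(naive_match(db, "Foo_Bar"))      # ['Foo%Bar', 'FooXBar', 'Foo_Bar']
    # %25 in the pattern becomes a wildcard plus '25': the wrong page matches.
    print(naive_match(db, "Foo%25Bar"))    # ['Foo_stuff_25Bar']
    # %27 never equals the ' actually stored in the table: no match at all.
    print(naive_match(db, "O%27Brien"))    # []
    # Decoded, normalised and escaped, each lookup finds exactly its page.
    print(proper_match(db, "Foo_Bar"))     # ['Foo_Bar']
    print(proper_match(db, "Foo%25Bar"))   # ['Foo%Bar']
    print(proper_match(db, "O%27Brien"))   # ["O'Brien"]
    print(proper_match(db, "Foo%20Bar"))   # ['Foo_Bar']
    print(titles_with_prefix(db, "Foo_"))  # ['Foo_Bar', 'Foo_stuff_25Bar']
```

The `naive_match()` results show why the post's three bullets matter in practice: the lookup can return extra pages, a different page, or nothing at all depending on which characters the title contains. Binding the pattern as a parameter and escaping it separately is the same split that `buildLike()` performs; in the real extension the decoded title should additionally go through `Title::newFromText()` so that invalid titles are rejected before any query is built.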