When a URL is parsed, some characters, like `(`, `,`, `;` etc. are internally converted to `-`. If a page exists for the `-`-ed version of the URL, that page will be shown.
For example, when visiting the URL https://example.com/about-us/, instead of typing /about-us/ you can type different special characters in between "about" and "us" and still visit the page:
- `/about(us/`
- `/about)us/`
- `/about,us/`
- `/about;us/`
- etc.
This is caused by the sanitizing function that is called on the target URL. I think this is incorrect and should be changed.
https://github.com/SimplyEdit/simply-edit-backend/blob/90855886c71d5f9d9a6c8c1e7cd95185964cbab2/www/simply-edit/http.php#L92
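
An added illustration of the behaviour reported above, not the project's code: `lenientSanitize` is a hypothetical stand-in that assumes every character outside a small allow-list becomes `-`, and `resolve` is a hypothetical alternative that redirects to the canonical path instead of serving the page under every alias. The page table and request paths are constructed sample data.

```php
<?php
// Hypothetical stand-in for the sanitizer (NOT the code at http.php#L92).
// Assumption: any character outside [A-Za-z0-9_./-] is replaced with "-".
function lenientSanitize(string $path): string
{
    return preg_replace('#[^A-Za-z0-9_./-]#', '-', $path);
}

// Alternative handling: never serve a page under a silently rewritten path.
// If sanitizing changes the path, answer with a redirect to the canonical
// form (or reject with 404), so each page is reachable under one URL only.
function resolve(string $path, array $pages): array
{
    $clean = lenientSanitize($path);
    if (!isset($pages[$clean])) {
        return [404, null];
    }
    if ($clean !== $path) {
        return [301, $clean];      // or: return [404, null]; to reject outright
    }
    return [200, $pages[$clean]];
}

// Constructed sample data: one existing page and the aliases from the report.
$pages = ['/about-us/' => 'About us'];
$requests = ['/about-us/', '/about(us/', '/about)us/', '/about,us/', '/about;us/'];

foreach ($requests as $path) {
    // Reported behaviour: every alias maps to the same stored page.
    $aliasHit = isset($pages[lenientSanitize($path)]) ? 'served' : 'not found';
    // Alternative behaviour: only the exact path is served directly.
    [$status, $result] = resolve($path, $pages);
    printf("%-12s lenient: %-9s strict: %d %s\n", $path, $aliasHit, $status, $result ?? '');
}
```

With the lenient lookup all five paths are served as the same page; with `resolve` only `/about-us/` returns 200 and the four aliases return a 301 pointing at it.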