diff --git a/app/lib/App/Core/AccessControl.php b/app/lib/App/Core/AccessControl.php
index ca45321..b447aea 100644
--- a/app/lib/App/Core/AccessControl.php
+++ b/app/lib/App/Core/AccessControl.php
@@ -19,18 +19,11 @@ class AccessControl
     {
         $this->app = $app;
-        /**
-         * WARNING WARNING WARNING:
-         *
-         * Never use an asterisk without putting anything before it like this "*".
-         * An attacker could leverage this by putting a forward slash behind a
-         * protected page like this "protected-page.php/pwned!" to gain access.
-         */
         $this->acl = [
             // routes that need power level 1 and up
             [
                 "routes" => [
-                    "race/simulator.php*",
+                    "race/simulator.php",
                     "race/configure/*"
                 ],
                 "catcher" => [
@@ -50,7 +43,7 @@ class AccessControl
         ];
         $this->currentPage = substr(
-            $_SERVER["PHP_SELF"],
+            $_SERVER["SCRIPT_NAME"],
             strlen($this->app->config["root_url"])
         );
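Review bot: The rationale for why script routes must be exact names disappears with the deleted warning block, and nothing in the new `$this->acl` table tells the next maintainer not to reintroduce `"race/simulator.php*"`. The bypass the old comment described is now addressed by the `SCRIPT_NAME` change in the second hunk rather than by the route spelling, but a trailing `*` on a file route would still match any script whose name merely starts with `simulator.php`, so the rule is worth keeping in one line above the `"routes"` entries: `// File routes are exact script names; only directory routes end in "/*". Never append "*" to a .php name.`. The constructor that builds this table starts before the hunk and its `"catcher"` section continues after it.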
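Review bot: The new `substr($_SERVER["SCRIPT_NAME"], strlen(root_url))` still assumes `root_url` is a prefix of `SCRIPT_NAME` without checking it, so a request that reaches this code under a different mount point (or with `SCRIPT_NAME` unset) yields a truncated or empty page name whose ACL outcome depends on matching logic outside this hunk. Moving from `PHP_SELF` to `SCRIPT_NAME` does drop the appended `PATH_INFO` that enabled the `protected-page.php/pwned` trick, but `SCRIPT_NAME` is still server-supplied and under some FastCGI/nginx configurations is derived from the request URI, so it is worth confirming on the deployed stack that it reflects the executed script rather than the URL. I would verify the prefix and fail closed rather than silently computing a page name; the enclosing constructor starts before the hunk, so the exception type should follow whatever the class already uses.

```php
        $rootUrl = $this->app->config["root_url"];
        $scriptName = $_SERVER["SCRIPT_NAME"] ?? "";
        // Fail closed: an unexpected mount point must not produce a page name that might match nothing and slip past the ACL.
        if (strncmp($scriptName, $rootUrl, strlen($rootUrl)) !== 0) {
            throw new \RuntimeException("SCRIPT_NAME is outside configured root_url");
        }
        $this->currentPage = substr($scriptName, strlen($rootUrl));
```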