From ab117c28415ffa77ee3f4e9ad694409f9048e873 Mon Sep 17 00:00:00 2001
From: Ng Kiat Siong
Date: Thu, 10 Oct 2024 10:51:05 +0800
Subject: [PATCH 1/4] New feature: enhance security with custom admin URL.
---
app/code/core/Mage/Adminhtml/Helper/Data.php | 16 ++++++++++++++++
app/code/core/Mage/Core/Model/Store.php | 10 +++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/app/code/core/Mage/Adminhtml/Helper/Data.php b/app/code/core/Mage/Adminhtml/Helper/Data.php
index f63371b5a47..48af1889146 100644
--- a/app/code/core/Mage/Adminhtml/Helper/Data.php
+++ b/app/code/core/Mage/Adminhtml/Helper/Data.php
@@ -23,6 +23,7 @@ class Mage_Adminhtml_Helper_Data extends Mage_Adminhtml_Helper_Help_Mapping { public const XML_PATH_ADMINHTML_ROUTER_FRONTNAME = 'admin/routers/adminhtml/args/frontName'; public const XML_PATH_USE_CUSTOM_ADMIN_URL = 'default/admin/url/use_custom'; + public const XML_PATH_CUSTOM_ADMIN_URL = 'default/admin/url/custom'; public const XML_PATH_USE_CUSTOM_ADMIN_PATH = 'default/admin/url/use_custom_path'; public const XML_PATH_CUSTOM_ADMIN_PATH = 'default/admin/url/custom_path'; public const XML_PATH_ADMINHTML_SECURITY_USE_FORM_KEY = 'admin/security/use_form_key';
@@ -85,6 +86,21 @@ public static function getUrl($route = '', $params = []) return Mage::getModel('adminhtml/url')->getUrl($route, $params); } + /** + * @return string|false + */ + public static function getCustomAdminUrl() + { + $config = Mage::getConfig(); + if ($config->getNode(self::XML_PATH_USE_CUSTOM_ADMIN_URL) + && $config->getNode(self::XML_PATH_CUSTOM_ADMIN_URL) + ) { + return (string) $config->getNode(self::XML_PATH_CUSTOM_ADMIN_URL); + } + + return false; + } + /** * @return false|int */
diff --git a/app/code/core/Mage/Core/Model/Store.php b/app/code/core/Mage/Core/Model/Store.php
index eea91b7d2e0..d0811181298 100644
--- a/app/code/core/Mage/Core/Model/Store.php
+++ b/app/code/core/Mage/Core/Model/Store.php
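Review bot: `getCustomAdminUrl()` switches the feature on by node presence rather than node value — `$config->getNode(self::XML_PATH_USE_CUSTOM_ADMIN_URL)` is a truthy element whenever the node exists, so a persisted `<use_custom>0</use_custom>` would most likely still enable the custom URL. The returned string is also handed back unvalidated, even though the later commits substitute it into every admin base URL and use it to gate the admin router, so a value without a scheme or host would silently misroute or lock out admin access. Read the flag as a boolean string and accept only an absolute http(s) URL with a host, returning false otherwise, and say so in the docblock (`@return string|false Absolute custom admin URL, or false when disabled or not a valid absolute URL`). `getUrl` on the context line is only partially visible here.

```php
public static function getCustomAdminUrl()
{
    $config = Mage::getConfig();
    // Compare the cast value: getNode() returns a truthy element for "0" as well.
    if (!filter_var((string) $config->getNode(self::XML_PATH_USE_CUSTOM_ADMIN_URL), FILTER_VALIDATE_BOOLEAN)) {
        return false;
    }

    $url = trim((string) $config->getNode(self::XML_PATH_CUSTOM_ADMIN_URL));
    $parts = $url !== '' ? parse_url($url) : false;
    // Only an absolute http(s) URL is usable as an admin base URL and as the router host gate.
    if ($parts === false
        || empty($parts['host'])
        || !in_array($parts['scheme'] ?? '', ['http', 'https'], true)
    ) {
        return false;
    }

    return $url;
}
```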
@@ -614,7 +614,15 @@ public function getBaseUrl($type = self::URL_TYPE_LINK, $secure = null) $url = str_replace('{{base_url}}', $baseUrl, $url); } - $this->_baseUrlCache[$cacheKey] = rtrim($url, '/') . '/'; + $url = rtrim($url, '/') . '/'; + $adminUrl = $this->isAdmin() ? Mage_Adminhtml_Helper_Data::getCustomAdminUrl() : false; + if ($adminUrl) { + $adminUrl = rtrim($adminUrl, '/') . '/'; + $baseUrl = str_starts_with($url, 'https://') ? $this->getConfig(self::XML_PATH_SECURE_BASE_URL) : $this->getConfig(self::XML_PATH_UNSECURE_BASE_URL); + $url = str_replace($baseUrl, $adminUrl, $url); + } + + $this->_baseUrlCache[$cacheKey] = $url; } return $this->_baseUrlCache[$cacheKey];
From ba01bd103b477569f0b8876d35886ae316c791d5 Mon Sep 17 00:00:00 2001
From: Ng Kiat Siong
Date: Thu, 10 Oct 2024 13:16:55 +0800
Subject: [PATCH 2/4] Check if URL host matches custom admin URL.
---
.../Mage/Core/Controller/Varien/Router/Admin.php | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/app/code/core/Mage/Core/Controller/Varien/Router/Admin.php b/app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
index b5651fe07db..5c2efecffd6 100644
--- a/app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
+++ b/app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
@@ -152,4 +152,20 @@ protected function _validateControllerInstance($controllerInstance) { return true; } + + /** + * Check if URL host matches custom admin URL. + * + * @inheritDoc + */ + public function match(Zend_Controller_Request_Http $request) + { + if ($adminUrl = Mage_Adminhtml_Helper_Data::getCustomAdminUrl()) { + if (!str_contains($adminUrl, $request->getHttpHost())) { + return false; + } + } + + return parent::match($request); + } }
From bebb936079eb8162e2ac2b2da35db8bc1d4308ab Mon Sep 17 00:00:00 2001
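Review bot: `$url = str_replace($baseUrl, $adminUrl, $url);` is an unanchored replace-all rather than a prefix swap: it rewrites every occurrence of the store base URL inside `$url`, leaves `$url` untouched when it does not begin with `$baseUrl` (a media or skin URL on another host, for instance), and splices `$adminUrl` in with whatever scheme was configured, so the `str_starts_with($url, 'https://')` branch can still emit an `http://` admin URL if the custom URL was saved without TLS. Anchor the rewrite and keep the scheme decision explicit: `if ($baseUrl !== '' && str_starts_with($url, $baseUrl)) {` / `    $url = $adminUrl . substr($url, strlen($baseUrl));` / `}`, and reject or upgrade a non-https custom URL on the secure branch. Because the gate is `$this->isAdmin()`, this applies to every URL type the admin store builds, not only link URLs; if that is intended, a one-line comment saying so would help the next reader. `getBaseUrl` starts before this hunk, and the new code reassigns `$baseUrl`, which the context line above had already used for the `{{base_url}}` substitution — a distinct name such as `$storeBaseUrl` avoids the shadowing.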
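Review bot: `if (!str_contains($adminUrl, $request->getHttpHost()))` tests the wrong relation — whether the request's Host header occurs as a substring anywhere inside the configured admin URL — so it does not actually restrict the admin router to the custom host: an empty Host header matches unconditionally (`str_contains($s, '')` is always true in PHP 8), and any host that is a substring of the URL, such as `example.com` against `https://admin.example.com/`, passes as well. Compare the parsed host for equality instead, e.g. `$adminHost = (string) parse_url($adminUrl, PHP_URL_HOST);` followed by `if ($adminHost === '' || strcasecmp($adminHost, $request->getHttpHost()) !== 0) { return false; }`; whether `getHttpHost()` includes a non-default port depends on the concrete request class, so normalise both sides before comparing. Returning `false` hands the admin front name to the remaining routers on the wrong host, which is presumably the intended outcome (a 404 rather than a redirect) and deserves a sentence in the docblock in place of `@inheritDoc` alone.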
From: Ng Kiat Siong
Date: Fri, 11 Oct 2024 15:08:22 +0800
Subject: [PATCH 3/4] Fixed incorrect 404 error skin when using dev/openmage/nginx-frontend.conf
---
errors/processor.php | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/errors/processor.php b/errors/processor.php
index 1c561d45375..6248f36c8f3 100644
--- a/errors/processor.php
+++ b/errors/processor.php
@@ -499,9 +499,7 @@ protected function _validate(): bool */ protected function _setSkin(string $value, ?stdClass $config = null) { - if (preg_match('/^[a-z0-9_]+$/i', $value) - && is_dir($this->_indexDir . self::ERROR_DIR . '/' . $value) - ) { + if (preg_match('/^[a-z0-9_]+$/i', $value) && is_dir($this->_errorDir . $value)) { if (!$config && $this->_config) { $config = $this->_config; }
From c1f92242180ef2b476bc3fb3929d96e799314d4b Mon Sep 17 00:00:00 2001
From: Ng Kiat Siong
Date: Wed, 22 Jan 2025 14:01:01 +0800
Subject: [PATCH 4/4] Combined 2 if statements
---
.../core/Mage/Core/Controller/Varien/Router/Admin.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/code/core/Mage/Core/Controller/Varien/Router/Admin.php b/app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
index 4fc98895042..ea53cfeaecc 100644
--- a/app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
+++ b/app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
@@ -162,10 +162,10 @@ protected function _validateControllerInstance($controllerInstance) */ public function match(Zend_Controller_Request_Http $request) { - if ($adminUrl = Mage_Adminhtml_Helper_Data::getCustomAdminUrl()) { - if (!str_contains($adminUrl, $request->getHttpHost())) { - return false; - } + if (($adminUrl = Mage_Adminhtml_Helper_Data::getCustomAdminUrl()) + && !str_contains($adminUrl, $request->getHttpHost()) + ) { + return false; } return parent::match($request);
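Review bot: The new condition `is_dir($this->_errorDir . $value)` drops the explicit `'/'` separator the old expression carried, so it now depends on `$this->_errorDir` ending in a directory separator; that property is initialised outside this hunk, and if it ever lacks the trailing slash the lookup fails and the skin silently does not apply. Either keep the separator explicit, `is_dir(rtrim($this->_errorDir, '/') . '/' . $value)`, or document the trailing-slash invariant with a comment where `_errorDir` is set. The `^[a-z0-9_]+$` guard still keeps `$value` from escaping the error directory, which is the part that matters for safety. `_setSkin` continues past the end of this hunk.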
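Review bot: The combined condition keeps the substring check from the previous commit, `&& !str_contains($adminUrl, $request->getHttpHost())`, which still accepts an empty Host header (an empty needle always matches) and any host that is merely a substring of the configured URL; merging the two ifs did not change what is compared. Compare the parsed host for equality instead: `$adminHost = (string) parse_url($adminUrl, PHP_URL_HOST);` on its own line, then `&& ($adminHost === '' || strcasecmp($adminHost, $request->getHttpHost()) !== 0)`, normalising any port on the request side first. Burying the assignment inside `(($adminUrl = …) && …)` also hides the side effect; assigning before the `if` reads more clearly and makes the host comparison easy to test. The method's docblock and closing brace lie outside the hunk.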