New feature: enhance security with custom admin URL.

app/code/core/Mage/Adminhtml/Helper/Data.php

@@ -16,6 +16,7 @@ class Mage_Adminhtml_Helper_Data extends Mage_Adminhtml_Helper_Help_Mapping
 {
     public const XML_PATH_ADMINHTML_ROUTER_FRONTNAME   = 'admin/routers/adminhtml/args/frontName';
     public const XML_PATH_USE_CUSTOM_ADMIN_URL         = 'default/admin/url/use_custom';
+    public const XML_PATH_CUSTOM_ADMIN_URL             = 'default/admin/url/custom';
     public const XML_PATH_USE_CUSTOM_ADMIN_PATH        = 'default/admin/url/use_custom_path';
     public const XML_PATH_CUSTOM_ADMIN_PATH            = 'default/admin/url/custom_path';
     public const XML_PATH_ADMINHTML_SECURITY_USE_FORM_KEY = 'admin/security/use_form_key';
@@ -78,6 +79,21 @@ public static function getUrl($route = '', $params = [])
         return Mage::getModel('adminhtml/url')->getUrl($route, $params);
     }
 
+    /**
+     * @return string|false
+     */
+    public static function getCustomAdminUrl()
+    {
+        $config = Mage::getConfig();
+        if ($config->getNode(self::XML_PATH_USE_CUSTOM_ADMIN_URL)
+            && $config->getNode(self::XML_PATH_CUSTOM_ADMIN_URL)
+        ) {
+            return (string) $config->getNode(self::XML_PATH_CUSTOM_ADMIN_URL);
+        }
+
+        return false;
+    }
+
     /**
      * @return false|int
      */

app/code/core/Mage/Core/Controller/Varien/Router/Admin.php

@@ -146,4 +146,20 @@ protected function _validateControllerInstance($controllerInstance)
     {
         return true;
     }
+
+    /**
+     * Check if URL host matches custom admin URL.
+     *
+     * @inheritDoc
+     */
+    public function match(Zend_Controller_Request_Http $request)
+    {
+        if (($adminUrl = Mage_Adminhtml_Helper_Data::getCustomAdminUrl())
+            && !str_contains($adminUrl, $request->getHttpHost())
+        ) {
+            return false;
+        }
+
+        return parent::match($request);
+    }
 }

app/code/core/Mage/Core/Model/Store.php

@@ -610,7 +610,15 @@ public function getBaseUrl($type = self::URL_TYPE_LINK, $secure = null)
                 $url = str_replace('{{base_url}}', $baseUrl, $url);
             }
 
-            $this->_baseUrlCache[$cacheKey] = rtrim($url, '/') . '/';
+            $url = rtrim($url, '/') . '/';
+            $adminUrl = $this->isAdmin() ? Mage_Adminhtml_Helper_Data::getCustomAdminUrl() : false;
+            if ($adminUrl) {
+                $adminUrl = rtrim($adminUrl, '/') . '/';
+                $baseUrl = str_starts_with($url, 'https://') ? $this->getConfig(self::XML_PATH_SECURE_BASE_URL) : $this->getConfig(self::XML_PATH_UNSECURE_BASE_URL);
+                $url = str_replace($baseUrl, $adminUrl, $url);
+            }
+
+            $this->_baseUrlCache[$cacheKey] = $url;
         }
 
         return $this->_baseUrlCache[$cacheKey];

errors/processor.php

@@ -489,9 +489,7 @@ protected function _validate(): bool
      */
     protected function _setSkin(string $value, ?stdClass $config = null)
     {
-        if (preg_match('/^[a-z0-9_]+$/i', $value)
-            && is_dir($this->_indexDir . self::ERROR_DIR . '/' . $value)
-        ) {
+        if (preg_match('/^[a-z0-9_]+$/i', $value) && is_dir($this->_errorDir . $value)) {
             if (!$config && $this->_config) {
                 $config = $this->_config;
             }