AC-1843: Fixed path traversal issue for error reporting

Author: nvshivakumar

pub/errors/default/page.phtml

@@ -3,12 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+// phpcs:ignoreFile
 ?>
 <!doctype html>
 <html xmlns="http://www.w3.org/1999/xhtml" >
 <head>
     <title><?= $this->pageTitle ?></title>
-    <base href="<?= $this->getViewFileUrl() ?>" />
+    <base href="<?= $this->escaper->escapeHtml($this->getViewFileUrl()) ?>" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     <meta name="robots" content="*"/>
     <link rel="stylesheet" href="css/styles.css" type="text/css" />

pub/errors/processor.php

@@ -270,7 +270,7 @@ public function getViewFileUrl()
         $errorPath = strpos($errorDir, $indexDir) === 0 ?
             str_replace($indexDir, '', $errorDir) : $errorPathSuffix;
 
-        return $this->getBaseUrl() . $errorPath . $this->_config->skin . '/';
+        return ltrim($this->getBaseUrl() . $errorPath . $this->_config->skin . '/','.');
     }
 
     /**
@@ -595,7 +595,7 @@ private function redirectToBaseUrl()
      */
     private function isReportIdValid(string $reportId): bool
     {
-        return (bool)preg_match('/[a-fA-F0-9]{64}/', $reportId);
+        return (bool)preg_match('/^[a-fA-F0-9]{64}$/', $reportId);
     }
 
     /**