From 7c5633b22402e5c7588b077606190b400c60ee46 Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Sun, 14 Jan 2018 09:45:55 +0200
Subject: [PATCH] Add subdomain check for applepay
---
 app/Http/Controllers/OnlinePaymentController.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/OnlinePaymentController.php b/app/Http/Controllers/OnlinePaymentController.php
index 852f0f7bc1e6..d6847fe0380e 100644
--- a/app/Http/Controllers/OnlinePaymentController.php
+++ b/app/Http/Controllers/OnlinePaymentController.php
@@ -425,20 +425,23 @@ class OnlinePaymentController extends BaseController
 {
 if (Utils::isNinja()) {
 $subdomain = Utils::getSubdomain(\Request::server('HTTP_HOST'));
+ if (! $subdomain || $subdomain == 'app') {
+ exit('Invalid subdomain');
+ }
 $account = Account::whereSubdomain($subdomain)->first();
 } else {
 $account = Account::first();
 }
 if (! $account) {
- exit("Account not found");
+ exit('Account not found');
 }
 $accountGateway = $account->account_gateways() ->whereGatewayId(GATEWAY_STRIPE)->first();
 if (! $account) {
- exit("Apple merchant id not set");
+ exit('Apple merchant id not set');
 }
 echo $accountGateway->getConfigField('appleMerchantId');
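Review bot: The second guard near the end of the hunk still tests `$account`, which was already checked a few lines earlier, so an account without a Stripe gateway leaves `$accountGateway` null and the final `getConfigField('appleMerchantId')` call fails on null instead of reaching the 'Apple merchant id not set' exit; the commit only changes that message's quoting. The condition should be `if (! $accountGateway) {`. Separately, the new subdomain check works on the client-supplied Host header and compares with `==`; `$subdomain === 'app'` is the stricter form, and since it is not visible here whether `Utils::getSubdomain()` lower-cases its result, the value may need normalising before the comparison. The enclosing method starts and ends outside the hunk.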