Any user after logging into an any myshopify shop can be redirected to other domain.
To reproduce: Send this to victim: http://sehyoginfoshop.myshopify.com/account/login?checkout_url=.np
Now when our victim logs in, He will be redirected to https://sehyoginfoshop.myshopify.com.np/
Which is not a shopify domain.
Fix: While redirecting Use <shop-name>"/"$checkout_url instead of <shop-name>$checkout_url