Open Redirect Vulnerability Patched in Patient Portal Messaging System
A critical open redirect vulnerability has been patched in a patient portal's messaging system. The flaw, located in the `portal/messaging/handle_note.php` script, allowed an attacker to redirect authenticated patients to malicious phishing pages after they performed a messaging action. The vulnerability stemmed from the direct, unvalidated use of user-supplied POST data to control the redirect location.
The exploit was straightforward: an attacker could craft a form that POSTs a `submit` parameter with a value like `https://evil.com/phishing`. The vulnerable code would then use this value directly in a `header("Location: " . $url)` call, sending the user to the attacker's site. This posed a significant phishing risk, as the redirect would occur immediately after a legitimate user action within the trusted portal environment.
The fix implements a strict validation mechanism. The code now checks the submitted value against an allowlist of known, safe internal pages (initially just `messages.php`). Since the legitimate submit button in the `messages.php` form hardcodes this value, any unrecognized or malicious input now safely falls back to the default `messages.php` page, neutralizing the redirect threat. The remediation underscores the persistent risk of insufficient input validation in web applications that handle sensitive user data.
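The following is an added illustration, not the portal's own code, of the two patterns the advisory contrasts: a redirect target taken straight from `$_POST['submit']`, next to an allowlist check that falls back to `messages.php`. The parameter name and the page name come from the advisory; the function and constant names are assumptions for illustration.

```php
<?php
// Added example (not the patched project's code): vulnerable pattern vs. allowlist.
// $_POST['submit'] and messages.php are taken from the advisory; the helper
// names below are assumptions chosen for illustration.

// BEFORE: the Location header is built from whatever the client sent.
function redirect_target_vulnerable(array $post): string
{
    // No validation: an absolute URL to another host is accepted as-is.
    return $post['submit'] ?? 'messages.php';
}

// AFTER: only values present in a fixed allowlist of internal pages are used.
const ALLOWED_RETURN_PAGES = ['messages.php'];
const DEFAULT_RETURN_PAGE  = 'messages.php';

function redirect_target_safe(array $post): string
{
    $candidate = $post['submit'] ?? '';
    // Strict equality against the allowlist: no prefix, substring or
    // scheme checks, so absolute URLs, scheme-relative "//host" values,
    // path traversal and appended query strings all fall back to the default.
    if (is_string($candidate) && in_array($candidate, ALLOWED_RETURN_PAGES, true)) {
        return $candidate;
    }
    return DEFAULT_RETURN_PAGE;
}

// Constructed sample inputs to show the difference (run with: php this_file.php).
$samples = [
    ['submit' => 'messages.php'],                       // legitimate button value
    ['submit' => 'https://evil.example/phishing'],      // external redirect attempt
    ['submit' => '//evil.example/'],                    // scheme-relative variant
    ['submit' => 'messages.php/../../index.php'],       // traversal-style variant
    ['submit' => ['not', 'a', 'string']],               // array instead of string
    [],                                                 // parameter missing
];
foreach ($samples as $post) {
    $shown = isset($post['submit']) ? var_export($post['submit'], true) : '(absent)';
    printf("%-42s vulnerable=%-38s safe=%s\n",
        $shown,
        is_string(redirect_target_vulnerable($post)) ? redirect_target_vulnerable($post) : '(non-string)',
        redirect_target_safe($post));
}

// In the handler itself the only change is to route the value through the
// allowlist before emitting the header:
//   header('Location: ' . redirect_target_safe($_POST));
//   exit;
```

The allowlist is a constant rather than a regular expression or a host comparison because the set of legitimate return pages is small and fixed; when a new page needs to be a valid return target, it is added to `ALLOWED_RETURN_PAGES` explicitly, and every other input continues to land on `messages.php`.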