Open Redirect Vulnerability in Action Pack

We were able to bypass the mechanism that prevents open redirects due to incomplete URL input validation. I have reported it below and written a patch to fix it. https://hackerone.com/reports/1789458 ## Impact Vulnerable code will look like this: ```ruby redirect_to(params[:some_param]) ``` Rails 7.0 introduced protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could be bypassed by a carefully crafted URL.