Fix for three open redirect vulns using redirect_to url_for(params.merge))) See merge request !2082
Attach a file by drag & drop or click to upload
