strong parameters safety issue enables accidental mass assignment

We already have plans to make Parameters not inherited from Hash before Rails 4.2, but we couldn’t do it because it breaks backward compatibility. What we did, instead, was to make sure we have test to cover those cases, and reimplement those methods that leaked Hash object.

If we missed something, please let us know.

After 4-2-stable has been cut out, and master becomes 5.0, then we’ll make Parameters not inherited from Hash.