Fixes #17343 - set deep munge config off

deep_munge was introduced as a solution to keep
Rails secure by default which results in
'empty array becomes nil in params'.
Thats why, set deep_munge config off in application.rb.
Also, added changes which will cast param argument to string...

fixes #16798 - move scoped_search definitions to STI subclasses

scoped_search doesn't support class inheritance with STI, so registering
definitions on the subclass fixes various issues. This fixes an issue
where scoped_search on CommonParameter calls Parameter.all and is...

Fixes #17104 - ignore resource via API

Fixes #15703 - Singularize media in api doc for orgs

Fixes #15833 - remove duplicities in smart params listings

fixes #3917 - replace protected_attrs with strong parameters

Filtering of attributes has moved from the protected_attributes gem to
strong parameters in controller concerns, to be in line with current
Rails recommendations.

Concerns are shared between UI and both API controllers and list the...

Refs #3809 - Using defaults for AndOr cop

fixes #15720 - rename *_filter to *_action

The older 'filter' name is changing in Rails to 'action' and is being
deprecated.

Fixes #15268 - limit user taxonomies using my scopes

Fixes CVE-2016-4475

Fixes #15182 - limit user taxonomies in API (CVE-2016-4451)