
Fix insecure params error and Add sort_url function. #672

Conversation

amatotsuji (Contributor)

I found an error: "Generating a URL from non-sanitized request parameters is insecure!".
It is caused by generating the URL using raw, unpermitted params.
Rails 4 and 5 have strong parameters.
I fixed this problem.

And I added a sort_url function.
It returns only the URL of sort_link.

Please review my code and merge to master.

@eluvish commented Jul 4, 2016

+1 on this. Upgraded to Rails 5 and now getting:
Attempting to generate a URL from non-sanitized request parameters! An attacker can inject malicious data into the generated URL, such as changing the host. Whitelist and sanitize passed parameters to be secure.
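The warning quoted above is Rails refusing to build a URL from a params hash that has not been permitted. What follows is an added example, not Ransack or Rails code, written in plain Ruby so it runs without Rails: a deliberately simplified stand-in for url_for (the real one accepts many more options), the guard that mirrors the Rails 5 check, the whitelist step that fixes it, and a sort_url helper in the spirit of the one this PR proposes, which returns only the URL a sort link would point to. The host names, path, attribute names, the list of allowed keys, the asc/desc toggling rule and the attacker-supplied params are all constructed for the example.

```ruby
# Added example (not Ransack or Rails code): why building a URL from raw
# request params is unsafe, and the whitelist that fixes it.
require "cgi"

# Keys that url_for-style helpers interpret as URL options rather than as
# query parameters. If raw params reach url_for, the client controls these.
URL_OPTION_KEYS = %w[host protocol port script_name only_path anchor].freeze

# Simplified stand-in for url_for (assumption: only host/protocol matter
# here): options override the request defaults, everything else becomes
# the query string.
def url_for(request_host, path, options)
  opts  = { "host" => request_host, "protocol" => "https" }.merge(options)
  query = opts.reject { |k, _| URL_OPTION_KEYS.include?(k) }
  qs    = to_query(query)
  "#{opts['protocol']}://#{opts['host']}#{path}#{qs.empty? ? '' : "?#{qs}"}"
end

# Rack-style nested encoding: {"q"=>{"s"=>"name asc"}} -> q%5Bs%5D=name+asc
def query_pairs(hash, prefix = nil)
  hash.flat_map do |k, v|
    key = prefix ? "#{prefix}[#{k}]" : k.to_s
    v.is_a?(Hash) ? query_pairs(v, key) : ["#{CGI.escape(key)}=#{CGI.escape(v.to_s)}"]
  end
end

def to_query(hash)
  query_pairs(hash).join("&")
end

# Equivalent of the Rails 5 guard: refuse to build a URL while the params
# hash still carries keys that would override URL options.
def assert_sanitized!(params)
  injected = params.keys & URL_OPTION_KEYS
  return params if injected.empty?
  raise ArgumentError, "Attempting to generate a URL from non-sanitized request parameters! (#{injected.join(', ')})"
end

# Whitelist step: keep only the keys the search view actually needs
# (constructed list for this example).
ALLOWED_KEYS = %w[q page per_page].freeze

def permit_search_params(params, allowed = ALLOWED_KEYS)
  params.select { |k, _| allowed.include?(k) }
end

# Safe variant: whitelist first, then build the URL.
def safe_url_for(request_host, path, params)
  url_for(request_host, path, assert_sanitized!(permit_search_params(params)))
end

# In the spirit of the PR's sort_url helper: the URL a sort link would point
# to, with the direction for `attr` toggled against the current sort.
def sort_url(request_host, path, params, attr)
  permitted = permit_search_params(params)
  q         = permitted.fetch("q", {})
  direction = q["s"].to_s == "#{attr} asc" ? "desc" : "asc"
  safe_url_for(request_host, path, permitted.merge("q" => q.merge("s" => "#{attr} #{direction}")))
end

# Constructed request params: a normal Ransack search plus two keys an
# attacker appended to the query string to hijack URL generation.
ATTACKER_PARAMS = {
  "q"        => { "name_cont" => "bob", "s" => "name asc" },
  "page"     => "2",
  "host"     => "evil.example",
  "protocol" => "http",
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts url_for("app.example", "/people", ATTACKER_PARAMS)        # host hijacked
  puts safe_url_for("app.example", "/people", ATTACKER_PARAMS)   # host preserved
  puts sort_url("app.example", "/people", ATTACKER_PARAMS, "name")
end
```

Run it with `ruby` and compare the first two lines: the raw hash lets the attacker move the link to `http://evil.example/…`, while the permitted hash keeps `https://app.example/…` with the same search and page parameters. In a real Rails app the whitelist is `params.permit(...)` (or Ransack's own permitted search params); the point of the check is that an unpermitted `ActionController::Parameters` must never be merged into URL options.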

@jonatack (Contributor)

@eluvish Use Ransack master with Rails 5 until a new release is made. This issue has been fixed on Ransack master for a year now.

@amatotsuji Thank you for your pull request! Could you please base it on Ransack master and change the least amount of code?

@jonatack (Contributor)

@amatotsuji My apologies for the delay in responding to your contribution.

@amatotsuji (Contributor, Author)

@johnnyshields
👍

@jonatack (Contributor)

@amatotsuji Thank you. I believe the "Fix insecure params error" is no longer an issue. Is the search_params method needed? If not, perhaps rename this PR "Add sort_url view helper" and concentrate on that. It would be good to have a change log entry and tests for the new view helper as well, but I can add them if you don't have time.

@amatotsuji (Contributor, Author)

@jonatack
I can fix this by this weekend. I hope you can wait until then.

@jonatack (Contributor)

Happy to, all good.

@amatotsuji amatotsuji mentioned this pull request Jul 27, 2016
@amatotsuji (Contributor, Author)

@jonatack
I recreated a pull request (pull #706).
Could you check my code?

@amatotsuji amatotsuji closed this Jul 28, 2016