Gracefully handle upgrading apps with mass assigment configs

Most apps upgrading from 3.x will have options for mass assigment in
their application.rb and environments/*.rb config files. Rather than
just raising a NoMethodError when copying the config, this commit
adds a warning message until either the protected_attributes gem
is installed or the relevant config options are removed.

activerecord/lib/active_record/railtie.rb

@@ -92,6 +92,33 @@ class Railtie < Rails::Railtie # :nodoc:
 
     initializer "active_record.set_configs" do |app|
       ActiveSupport.on_load(:active_record) do
+        begin
+          old_behavior, ActiveSupport::Deprecation.behavior = ActiveSupport::Deprecation.behavior, :stderr
+          whitelist_attributes = app.config.active_record.delete(:whitelist_attributes)
+
+          if respond_to?(:mass_assignment_sanitizer=)
+            mass_assignment_sanitizer = nil
+          else
+            mass_assignment_sanitizer = app.config.active_record.delete(:mass_assignment_sanitizer)
+          end
+
+          unless whitelist_attributes.nil? && mass_assignment_sanitizer.nil?
+            ActiveSupport::Deprecation.warn <<-EOF.strip_heredoc, []
+              Model based mass assignment security has been extracted
+              out of Rails into a gem. Please use the new recommended protection model for
+              params or add `protected_attributes` to your Gemfile to use the old one.
+
+              To disable this message remove the `whitelist_attributes` option from your
+              `config/application.rb` file and any `mass_assignment_sanitizer` options
+              from your `config/environments/*.rb` files.
+
+              See http://edgeguides.rubyonrails.org/security.html#mass-assignment for more information
+            EOF
+          end
+        ensure
+          ActiveSupport::Deprecation.behavior = old_behavior
+        end
+
         app.config.active_record.each do |k,v|
           send "#{k}=", v
         end