Missing resource identifier encoding may lead to security vulnerabilities
Medium
Ruby on Rails
Reported by jobert
Vulnerability Details
Technical details and impact analysis
(I initially submitted this to the GitHub repository because the ActiveResource repository is not listed in scope. I was redirected here by @rafaelfranca)
A number of methods in the ActiveResource library, such as `ActiveResource::Base#find` and `ActiveResource::Base#exists?`, don't URL-encode the resource identifier that is passed to them. Consider the following code:
```ruby
require 'active_resource' # the activeresource gem is loaded as 'active_resource'

class Test < ActiveResource::Base
  self.site = 'http://127.0.0.1:8080'
end

# The identifier is interpolated into the element path as-is, so this
# requests /tests/?a=1.json rather than /tests/%3fa%3d1.json.
Test.exists? '?a=1'
```
The code above is expected to make a request to `http://127.0.0.1:8080/tests/%3fa%3d1.json` by properly URL encoding the resource identifier. Instead, it makes a request to `http://127.0.0.1:8080/tests/?a=1.json`.
This was tested against ActiveResource 5.1.0 and 5.0.0; both have the same unexpected behavior.
## Impact
Because the index `/tests/` returns an array of objects, the code will throw an exception. However, due to the time difference that could be observed, an attacker could potentially exploit this by injecting a filter parameter into the index endpoint of the resource, e.g.:
| Resource identifier | Objects returned | RTT |
| ---- | ---- | ---- |
| `?type=a&` | 1 | 500ms |
| `?type=b&` | 0 | 100ms |
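As an added example (not the reporter's code and not ActiveResource's own implementation), the following stand-alone Ruby models the element-path construction in the unencoded form described above and in a percent-encoded form, then parses the result the way an HTTP client would to show where the identifier ends up; the collection name `tests` and the `json` extension are assumed. `%3F`/`%3D` and the page's `%3f`/`%3d` are the same octets, since percent-encoding hex digits are case-insensitive.

```ruby
require 'uri'
require 'erb'

# Constructed stand-in for the path ActiveResource builds for element requests
# (find/exists?). Collection name and format extension are assumptions.
COLLECTION = 'tests'
FORMAT_EXT = 'json'

# Vulnerable form: the identifier is interpolated verbatim, so reserved
# characters such as '?', '&' and '/' keep their URI meaning.
def element_path_unencoded(id)
  "/#{COLLECTION}/#{id}.#{FORMAT_EXT}"
end

# Hardened form: percent-encode the identifier as a single path segment.
# ERB::Util.url_encode escapes everything outside the unreserved set
# ('?' -> %3F, '=' -> %3D, '&' -> %26, '/' -> %2F), so the identifier can
# never terminate the path or start a query string.
def element_path_encoded(id)
  "/#{COLLECTION}/#{ERB::Util.url_encode(id.to_s)}.#{FORMAT_EXT}"
end

# Resolve the built path against the site and split it into the effective
# path and query, i.e. what the server actually receives. This is the check
# that exposes the bug: no identifier may move part of the request into the
# query component.
def effective_target(site, path)
  uri = URI.join(site, path)
  { path: uri.path, query: uri.query }
end

if __FILE__ == $PROGRAM_NAME
  site = 'http://127.0.0.1:8080'
  id = '?type=a&' # identifier from the report's impact table
  p effective_target(site, element_path_unencoded(id))
  # => {:path=>"/tests/", :query=>"type=a&.json"}   (hits the index with a filter)
  p effective_target(site, element_path_encoded(id))
  # => {:path=>"/tests/%3Ftype%3Da%26.json", :query=>nil}   (stays an element lookup)
end
```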
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Information Disclosure