TypeError: str_contains() argument must be of type string, array given in wp-login.php

[Krinkle]

Various bots and crawlers are producing entries like the following in wp-05:/var/log/php8.2-fpm.log:

[15-Sep-2023 15:02:17] WARNING: [pool www] child 2355747 said into stderr:
  PHP Fatal error:  Uncaught TypeError: str_contains(): Argument #1 ($haystack) must be of type string, array given
  in /srv/wordpress/sites/api_jquery_com/wp-login.php:1365
  Stack trace:
  #0 /srv/wordpress/sites/api_jquery_com/wp-login.php(1365): str_contains()
  #1 {main}
  thrown in /srv/wordpress/sites/api_jquery_com/wp-login.php on line 1365

Seems to be an upstream issue where a $_GET or $_REQUEST key is checked for existence but not for type, thus prone to misuse when crafting query parameters in the array-form that PHP supports.

https://github.com/WordPress/wordpress-develop/blob/6.3.1/src/wp-login.php#L1267-L1365

[Krinkle]

Filed upstream ticket at https://core.trac.wordpress.org/ticket/59373

[Krinkle]

Upstream has merged my patch at WordPress/wordpress-develop#5227. I guess it will become part of WordPress 6.6.