An end user can trigger a Warning by passing an array rather than simple string as the q param in the URL . e.g. ?q=x
This seems not to affect Drupal 8, but only Drupal 7 and below.
A simple fix is to either cast $_GET['q'] to a string, or set it to the empty string if it's not a string.