Notice: Array to string conversion in url() (line 2186 of httpdocs/includes/common.inc).

I am receiving a similar error. My register form has Name and Email fields, along with 2 check boxes. When spam gets block, I receive the 'spamicide blocked ..." message, plus the following messages (in order)

Warning: strpos() expects parameter 1 to be string, array given in url() (line 2194 of /includes/common.inc).
Warning: substr() expects parameter 1 to be string, array given in url() (line 2195 of /includes/common.inc).
Warning: strpos() expects parameter 1 to be string, array given in drupal_strip_dangerous_protocols() (line 1350 of /includes/common.inc).
Warning: strpos() expects parameter 1 to be string, array given in url() (line 2210 of /includes/common.inc).
Warning: explode() expects parameter 2 to be string, array given in url() (line 2211 of /includes/common.inc).

My guess is the spam is writing some sort of url/array into the fields? Why are the fields being processed at all, I would think they would just be dumped.

Problem is on line 460 in spamicide.module. Its trying to redirect the user to an array (instead of a url).

Changing

      drupal_goto($form_state['values']['destination']);

to

      drupal_goto($form_state['values']['destination']['destination']);

seems to fix it. I don't have much experience with drupal so am not sure why/when this problem first appeared (or the best way to submit a patch).

I would say $form_state['values']['destination'] should have an actual destination URL. There is no need to include whole array the drupal_get_destination() returns.

Yeah that is a better solution.

(And apparently its not the first time someone suggested it either - https://drupal.org/node/1787774)