The drupal_render() function could use a bit more protection

In drupal 7 the drupal_render() function takes a single render array argument.

If a render array is not passed in warnings will be emitted.

In our case the collection module it passing a render array with a child element
set to 1 instead of a nested child array. This only happens on some collections
but its really hard to figure out whats happening due to the sheer size of
the render array.

Nothing is wrong with the html that is emitted but 12 warning messages get generated.

To reproduce the issue:
Call the drupal_render() function in drupal 7 and pass in a
scaler or object instead of the expected render array.

Expected behavior:
The drupal_render() function should act in the same way as it does when an empty render array is passed in
or a render array with no '#access' element is passed in.
That is return '' (empty string).

What happened instead:
Three warning messages are emitted.

Warning: Cannot use a scalar value as an array in drupal_render() (line 6119 of /srv/bindings/4ab358cd87db416f8ab8088ddf37708d/code/includes/common.inc).

Warning: Invalid argument supplied for foreach() in element_children() (line 6607 of /srv/bindings/4ab358cd87db416f8ab8088ddf37708d/code/includes/common.inc).

Warning: Cannot use a scalar value as an array in drupal_render() (line 6064 of /srv/bindings/4ab358cd87db416f8ab8088ddf37708d/code/includes/common.inc).

No one would want the code in the drupal_render() to actually execute without a valid render array but that's what happens.

in the common.inc file. In the drupal_render() function the first line looks like this.

if (empty($elements) || (isset($elements['#access']) && !$elements['#access'])) {
return '';
}

The patch for this the first line should look like this.

if (empty($elements) || !is_array($elements) || (isset($elements['#access']) && !$elements['#access'])) {
return '';
}

Adds a test !is_array($elements) to make sure the render array is valid.

patch

function drupal_render(&$elements) {
// Early-return nothing if user does not have access.
- if (empty($elements) || (isset($elements['#access']) && !$elements['#access'])) {
+ if (empty($elements) || !is_array($elements) || (isset($elements['#access']) && !$elements['#access'])) {
return '';
}