The `$credentials['user_login']` and `$credentials['user_password']` parameters are passed by reference to the `wp_authenticate` action, and are at that point [https://www.php.net/manual/en/language.references.pass.php#124383 created as null] if they don't exist in the array.
This commit sets those values to an empty string, resolving two PHP 8.1 deprecation notices:
* One from `preg_replace()` in `wp_strip_all_tags()` via `sanitize_user()` in `wp_authenticate()`:
{{{
Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
}}}
* One from `trim()` in `wp_authenticate()` itself:
{{{
Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
}}}
Includes documenting the `$credentials` parameter using hash notation.
Follow-up to [6643], [37697].
Props lenasterg, TobiasBg, ocean90, afragen, lkraav, SergeyBiryukov.
Fixes#56850.
Built from https://develop.svn.wordpress.org/trunk@55301
git-svn-id: http://core.svn.wordpress.org/trunk@54834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
bc0c01b1ac