Raise on list value in query string parameter encoding (#6632)

eagle-head · web-flow · commit 8fb466e50659 · 2026-03-20T16:00:14.000+01:00
When a plain list is interpolated as a query string value (e.g., ~p"/path?key=#{[value]}"), raise an ArgumentError with a helpful message pointing to the correct syntax (~p"/path?#{[key: [value]]}"). Previously, the list was silently treated as a dict by Plug.Conn.Query.encode, producing incorrect output like "key=[]=value". Closes #6582
diff --git a/lib/phoenix/verified_routes.ex b/lib/phoenix/verified_routes.ex
@@ -891,14 +891,26 @@ defmodule Phoenix.VerifiedRoutes do
   @doc false
   def __encode_query__(dict, sort? \\ false)
 
-  def __encode_query__(dict, sort?)
-      when is_list(dict) or (is_map(dict) and not is_struct(dict)) do
+  def __encode_query__(dict, sort?) when is_map(dict) and not is_struct(dict) do
     case Plug.Conn.Query.encode(dict, &to_param/1) do
       "" -> ""
       query_str -> maybe_sort_query(query_str, sort?)
     end
   end
 
+  def __encode_query__(dict, sort?) when is_list(dict) do
+    if dict == [] or match?([{_, _} | _], dict) do
+      case Plug.Conn.Query.encode(dict, &to_param/1) do
+        "" -> ""
+        query_str -> maybe_sort_query(query_str, sort?)
+      end
+    else
+      raise ArgumentError,
+            "expected a keyword list or map for query string encoding, got: #{inspect(dict)}. " <>
+              "Use the full query string syntax instead, such as ~p\"/path?#\{[key: #{inspect(dict)}]}\""
+    end
+  end
+
   def __encode_query__(val, _sort?), do: val |> to_param() |> URI.encode_www_form()
 
   defp maybe_sort_query(query_str, false), do: query_str
diff --git a/test/phoenix/verified_routes_test.exs b/test/phoenix/verified_routes_test.exs
@@ -418,6 +418,16 @@ defmodule Phoenix.VerifiedRoutesTest do
     :code.delete(__MODULE__.InvalidQuery)
   end
 
+  test "list value as query string parameter raises" do
+    assert_raise ArgumentError, ~r/expected a keyword list or map/, fn ->
+      ~p"/posts/top?#{["abc-123"]}"
+    end
+
+    assert_raise ArgumentError, ~r/expected a keyword list or map/, fn ->
+      ~p"/posts/top?#{[1, 2, 3]}"
+    end
+  end
+
   test "~p with complex ids" do
     assert ~p|/posts/#{"==d--+"}| == "/posts/%3D%3Dd--%2B"
     assert ~p|/posts/top?#{[id: "==d--+"]}| == "/posts/top?id=%3D%3Dd--%2B"
