expressjs · SAY-5 · Apr 15, 2026 · Apr 27, 2026 · jonchurch · Apr 27, 2026
diff --git a/lib/utils.js b/lib/utils.js
@@ -287,7 +287,8 @@ function createETagGenerator (options) {
 
 function parseExtendedQueryString(str) {
   return qs.parse(str, {
-    allowPrototypes: true
+    allowPrototypes: true,
+    arrayLimit: 1000
-    arrayLimit: 1000
+    arrayLimit: 1000,
+    allowSparse: true
-    arrayLimit: 1000
+    arrayLimit: 1000,
+    allowSparse: true
   });
 }
 

diff --git a/test/req.query.js b/test/req.query.js
@@ -38,6 +38,20 @@ describe('req', function(){
         .get('/?user.name=tj')
         .expect(200, '{"user.name":"tj"}', done);
       });
+
+      it('should parse more than 20 repeated values as an array', function (done) {
+        var app = createApp('extended');
+        var ids = [];
+        var expected = [];
+        for (var i = 0; i < 25; i++) {
+          ids.push('ids=' + i);
+          expected.push(String(i));
+        }
+
+        request(app)
+        .get('/?' + ids.join('&'))
+        .expect(200, JSON.stringify({ ids: expected }), done);
+      });
     });
 
     describe('when "query parser" is simple', function () {