Bug #100097
Long external parameters cause TYPO3 crash in Extbase Routing Enhancer
Description
If an external parameter is added to a page which is resolved using a Routing Enhancer, this might cause a crash if the parameter name is too long.
Steps to reproduce:
You need a page with configured Extbase Plugin Enhancer.
If you call this page it should work in the frontend with the normal output of the extbase plugin used.
If you call this page with a manipulated URL (add a long parameter, e.g. ?L_Instagram_FeedAd_EstimatedAdRecall=whatever), you see an error in the frontend.
I expect the non-TYPO3 parameter is simply ignored.
I have stripped this down to https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Routing/Enhancer/VariableProcessor.php#L61
If the parameter is longer than 31 chars and it's not a valid hash, the OutOfRangeException is thrown, which leads to an error in the frontend.
As for shorter parameters the input argument is simply returned, I suggest to change the method resolveHash to return the value from $this->hashes, if the key $hash exists, and $hash otherwise.
This would make the method shorter and more stable.
I'm unsure if this might have unwanted side effects.
I found this in a TYPO3 10.4.36 instance, but the method and the error are also in current main. It seems not related to the PHP version.
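
An added illustration, not part of the original report and not TYPO3 source code: a simplified model of the two behaviours the report contrasts, run against a short name, a registered hash and the long parameter name from the reproduction step. The class name, the `register()` helper, the use of `md5()` and the exception message are assumptions made for this model.

```php
<?php
// Simplified model of the behaviour described in the report; not TYPO3 source.
final class HashResolverModel
{
    /** @var array<string, string> hash => original name */
    private array $hashes = [];

    // Hypothetical helper: how hashes get registered is an assumption of this model.
    public function register(string $name): string
    {
        $hash = md5($name);
        $this->hashes[$hash] = $name;
        return $hash;
    }

    // Behaviour as reported: short input passes through, long unknown input throws.
    public function resolveStrict(string $hash): string
    {
        if (strlen($hash) < 32) {
            return $hash;
        }
        if (!isset($this->hashes[$hash])) {
            throw new OutOfRangeException('Hash not resolvable'); // constructed message
        }
        return $this->hashes[$hash];
    }

    // Behaviour as suggested: a known hash is mapped back, anything else is returned unchanged.
    public function resolveLenient(string $hash): string
    {
        return $this->hashes[$hash] ?? $hash;
    }
}

$model = new HashResolverModel();
$known = $model->register('tx_example_plugin__some_long_argument_name'); // constructed name
$inputs = ['short', $known, 'L_Instagram_FeedAd_EstimatedAdRecall'];     // last one is 36 chars

foreach ($inputs as $input) {
    try {
        $strict = $model->resolveStrict($input);
    } catch (OutOfRangeException $e) {
        $strict = 'OutOfRangeException';
    }
    printf("%-38s strict=%s lenient=%s\n", $input, $strict, $model->resolveLenient($input));
}
```

Only the third input differs between the two variants: the strict form turns a request-supplied name into an exception, while the lenient form passes it through unchanged.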