TYPO3 Core

This issue was initially reported by a user against realurl and metaseo via
https://github.com/dmitryd/typo3-realurl/issues/499
https://github.com/webdevops/TYPO3-metaseo/issues/497

with versions:

MetaSEO version: 3.0.0
TYPO3 version: 8.7.2
PHP version: 7.1.6
RealUrl version: 2.2.1

How to reproduce:

Have a realurl config like this

...
'fileName' => array (      
    'index' => array (
        ...
        'sitemap.xml' => array (
            'keyValues' => array (
                'type' => 841132,
            ),
        ),

Then realurl somehow passes that over to TYPO3. Dmitry Dulepov describes it as follows:

" RealURL does not call the core. It is the other way: TYPO3 core calls RealURL here. Inside this call RealURL parses the URL and sets $_GET['id'] and other query string parameters.

The function you found is most likely responsible. It sets the type argument explicitly but it also uses addQueryString without excluding type. So type argument will appear twice in the URL."

TYPO3 then initiates a request with duplicate type parameter:

~ $ curl -I http://www.jh-moehringen.de/robots.txt
HTTP/1.1 307 Temporary Redirect
Date: Thu, 06 Jul 2017 14:12:43 GMT
Server: Apache
Location: http://www.jh-moehringen.de/index.php?id=3&type=841133&type=841133
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

There is to note that this redirect can't come from realurl or metaseo because both won't 307-redirect anywhere. But TYPO3 core does, like in TSFE https://github.com/TYPO3/TYPO3.CMS/blob/f8f0acbdd83631226bf7143e54318f9382d69267/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2865