ZF-11410: Variables in global scope can be overwritten


In most form element view helpers extract is being used to pull out the elements name, value, attribs etc. Although its bad practice to have variables in global scope some people still code this way. By performing an extract any variable in global scope sharing these names will get overwritten.

        $info = $this->_getInfo($name, $value, $attribs);
        extract($info); // name, value, attribs, options, listsep, disable, escape

Proposed solutions:

remove the extract all together and reference the values from the $info array already set (reduces memory usage too).

        $info = $this->_getInfo($name, $value, $attribs);

        // build the element
        if ($info['disable']) {
            // disabled; display nothing
            return  '';


The extract() only puts variables into the scope of the current method, not into the global space.