ZF-4280: Zend_Form_Element_File 'destination' property leaks in the HTML after form validation
I found out that when a form that contains a Zend_Form_Element_File goes through validation (isValid method) its destination property makes it to the 'value' attribute of the rendered tag.
Example of resulting output:
I haven't investigated more than that since I use my own Form_Element_File element which doesn't have this issue.
I reckon it's kind of a security issue since we don't want to expose this information to the outside world.
I'm not sure how JIRA renders code so I attached a PHP file which hopefully helps at reproducing the bug.