diff --git a/src/wp-content/themes/twentyeleven/inc/widgets.php b/src/wp-content/themes/twentyeleven/inc/widgets.php
index 17e9a7ce1b..2a0cdb4f51 100644
--- a/src/wp-content/themes/twentyeleven/inc/widgets.php
+++ b/src/wp-content/themes/twentyeleven/inc/widgets.php
@@ -68,7 +68,6 @@ class Twenty_Eleven_Ephemera_Widget extends WP_Widget {
 }
 ob_start();
- extract( $args, EXTR_SKIP );
 /** This filter is documented in wp-includes/default-widgets.php */
 $args['title'] = apply_filters( 'widget_title', empty( $instance['title'] ) ? __( 'Ephemera', 'twentyeleven' ) : $instance['title'], $instance, $this->id_base );
diff --git a/src/wp-includes/template.php b/src/wp-includes/template.php
index 3168607412..862b2ccbdf 100644
--- a/src/wp-includes/template.php
+++ b/src/wp-includes/template.php
@@ -684,6 +684,15 @@ function load_template( $_template_file, $require_once = true ) {
 global $posts, $post, $wp_did_header, $wp_query, $wp_rewrite, $wpdb, $wp_version, $wp, $id, $comment, $user_ID;
 if ( is_array( $wp_query->query_vars ) ) {
+ /*
+ * This use of extract() cannot be removed. There are many possible ways that
+ * templates could depend on variables that it creates existing, and no way to
+ * detect and deprecate it.
+ *
+ * Passing the EXTR_SKIP flag is the safest option, ensuring globals and
+ * function variables cannot be overwritten.
+ */
+ // phpcs:ignore WordPress.PHP.DontExtract.extract_extract
 extract( $wp_query->query_vars, EXTR_SKIP );
 }
diff --git a/tests/phpunit/tests/post/output.php b/tests/phpunit/tests/post/output.php
index 7704d89920..b6c402ba89 100644
--- a/tests/phpunit/tests/post/output.php
+++ b/tests/phpunit/tests/post/output.php
@@ -29,15 +29,14 @@ class Tests_Post_Output extends WP_UnitTestCase {
 }
 function _shortcode_paragraph( $atts, $content ) {
- extract(
- shortcode_atts(
- array(
- 'class' => 'graf',
- ),
- $atts
- )
+ $processed_atts = shortcode_atts(
+ array(
+ 'class' => 'graf',
+ ),
+ $atts
 );
- return "
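Review bot: The comment added above `extract( $wp_query->query_vars, EXTR_SKIP );` in the template.php hunk describes EXTR_SKIP as ensuring that nothing can be overwritten, but the flag only skips names that already exist in load_template()'s scope when the call runs; every other query-var key still becomes a new local that the included template can read. Query vars are presumably populated from the request (that code is not visible here), so the comment should record the consequence for template authors, for example `* Variables created here originate from query vars; templates must treat them as untrusted and escape them on output.` The `// phpcs:ignore` is limited to the one sniff on the one line, which is the right scope. load_template() continues past the end of the hunk, so whether any extracted variable is sanitised before the template is included cannot be judged from these lines.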

$content

\n";
+
+ return "

$content

\n";
 }
 function test_the_content() {
diff --git a/tests/phpunit/tests/shortcode.php b/tests/phpunit/tests/shortcode.php
index 050baa5c0a..be1b1ad760 100644
--- a/tests/phpunit/tests/shortcode.php
+++ b/tests/phpunit/tests/shortcode.php
@@ -43,18 +43,16 @@ class Tests_Shortcode extends WP_UnitTestCase {
 // [bartag foo="bar"]
 function _shortcode_bartag( $atts ) {
- extract(
- shortcode_atts(
- array(
- 'foo' => 'no foo',
- 'baz' => 'default baz',
- ),
- $atts,
- 'bartag'
- )
+ $processed_atts = shortcode_atts(
+ array(
+ 'foo' => 'no foo',
+ 'baz' => 'default baz',
+ ),
+ $atts,
+ 'bartag'
 );
- return "foo = {$foo}";
+ return "foo = {$processed_atts['foo']}";
 }
 // [baztag]content[/baztag]