From 73ca420029b467e869dbe66e722b4638e479c350 Mon Sep 17 00:00:00 2001
From: Erwan Nader <ernadoo@gmail.com>
Date: Wed, 30 Dec 2015 12:22:05 +0100
Subject: [PATCH 1/2] [ticket/14386] Use of sys_get_temp_dir()

PHPBB3-14386
---
 phpBB/includes/functions_upload.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 89bc31fa25..f0a48e51e5 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -919,7 +919,7 @@ class fileupload
 			return $file;
 		}
 
-		$tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache';
+		$tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? sys_get_temp_dir() : $phpbb_root_path . 'cache';
 		$filename = tempnam($tmp_path, unique_id() . '-');
 
 		if (!($fp = @fopen($filename, 'wb')))

From 59481da9dac23ccb8382202eb6623c3fc71030a0 Mon Sep 17 00:00:00 2001
From: Erwan Nader <ernadoo@gmail.com>
Date: Sun, 3 Jan 2016 11:29:53 +0100
Subject: [PATCH 2/2] [ticket/14386] Use of sys_get_temp_dir()

PHPBB3-14386
---
 phpBB/phpbb/files/types/remote.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/phpBB/phpbb/files/types/remote.php b/phpBB/phpbb/files/types/remote.php
index 44feab0ece..4f4ce15c18 100644
--- a/phpBB/phpbb/files/types/remote.php
+++ b/phpBB/phpbb/files/types/remote.php
@@ -200,8 +200,7 @@ class remote extends base
 			return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'EMPTY_REMOTE_DATA');
 		}
 
-		$tmp_path = (!$this->php_ini->getBool('safe_mode')) ? false : $this->phpbb_root_path . 'cache';
-		$filename = tempnam($tmp_path, unique_id() . '-');
+		$filename = tempnam(sys_get_temp_dir(), unique_id() . '-');
 
 		if (!($fp = @fopen($filename, 'wb')))
 		{