id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15768	The setUp() method FileStorageTests in tests/regressiontests/file_storage/tests.py uses tempfile.mktemp()	d1b	nobody	"The tempfile.mktemp() function is deprecated and the documentation warns that the ""Use of this function may introduce a security hole in your program"" - see [0] for more information.
The setUp() method FileStorageTests in tests/regressiontests/file_storage/tests.py uses tempfile.mktemp() in creating a temporary directory. The temporary directory is then deleted during tearDown(). See [1] for a snippet of the code in question.

This seems like a mistake because other classes such as FileSaveRaceConditionTest use tempfile.mkdtemp(). tempfile.mkdtemp is a safer way of creating a temporary directory.

Something like the following (_NOTE_: I haven't tested this) could be a 'fix'.
-        self.temp_dir = tempfile.mktemp()
-        os.makedirs(self.temp_dir)
+        self.temp_dir = tempfile.mkdtemp()



[0] - http://docs.python.org/library/tempfile.html#tempfile.mktemp

[1]
class FileStorageTests(unittest.TestCase):
    storage_class = FileSystemStorage

    def setUp(self):
        self.temp_dir = tempfile.mktemp()
        os.makedirs(self.temp_dir)
        self.storage = self.storage_class(location=self.temp_dir,
            base_url='/test_media_url/')

    def tearDown(self):
        shutil.rmtree(self.temp_dir)"	Uncategorized	new	Uncategorized	1.3	Normal				Unreviewed	0	0	0	0		0