id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15768	The setUp() method FileStorageTests in tests/regressiontests/file_storage/tests.py uses tempfile.mktemp()	d1b	elbarto	"The {{{tempfile.mktemp()}}} function is deprecated and the documentation warns that the ""Use of this function may introduce a security hole in your program"" - see http://docs.python.org/library/tempfile.html#tempfile.mktemp for more information.

The {{{setUp()}}} method {{{FileStorageTests}}} in tests/regressiontests/file_storage/tests.py uses {{{tempfile.mktemp()}}} in creating a temporary directory. The temporary directory is then deleted during {{{tearDown()}}}:

{{{
#!python
class FileStorageTests(unittest.TestCase):
    storage_class = FileSystemStorage

    def setUp(self):
        self.temp_dir = tempfile.mktemp()
        os.makedirs(self.temp_dir)
        self.storage = self.storage_class(location=self.temp_dir,
            base_url='/test_media_url/')

    def tearDown(self):
        shutil.rmtree(self.temp_dir)
}}}

This seems like a mistake because other classes such as {{{FileSaveRaceConditionTest}}} use {{{tempfile.mkdtemp()}}}. {{{tempfile.mkdtemp}}} is a safer way of creating a temporary directory.

Something like the following (_NOTE_: I haven't tested this) could be a 'fix'.
{{{
-        self.temp_dir = tempfile.mktemp()
-        os.makedirs(self.temp_dir)
+        self.temp_dir = tempfile.mkdtemp()
}}}

"	Cleanup/optimization	closed	Testing framework	dev	Normal	fixed			Ready for checkin	1	0	0	0	0	0