Decrease the chances that `wp_tempnam()` will conflict with an existing file by suffixing a random ID to the generated filename.

This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.

Fixes #34562

Built from https://develop.svn.wordpress.org/trunk@35644


git-svn-id: http://core.svn.wordpress.org/trunk@35608 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/file.php

@@ -164,9 +164,18 @@ function wp_tempnam( $filename = '', $dir = '' ) {
 		return wp_tempnam( dirname( $filename ), $dir );
 	}
 
+	// Suffix some random data to avoid filename conflicts
+	$temp_filename .= '-' . wp_generate_password( 6, false );
 	$temp_filename .= '.tmp';
 	$temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
-	touch( $temp_filename );
+
+	$fp = @fopen( $temp_filename, 'x' );
+	if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) {
+		return wp_tempnam( $filename, $dir );
+	}
+	if ( $fp ) {
+		fclose( $fp );
+	}
 
 	return $temp_filename;
 }

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.4-beta4-35643';
+$wp_version = '4.4-beta4-35644';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.