From 6e00b443cd2f8a3fb74925082b23dd2c614a1973 Mon Sep 17 00:00:00 2001
From: Chimpzee
Date: Mon, 11 Jan 2016 15:43:41 +0100
Subject: [PATCH] Bug with tempnam("/tmp", ""); Some hostings have a different temporary path than "/tmp".
---
 NEWS | 1 +
 library/HTMLPurifier/URIScheme/data.php | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 2eb2895c..9444d034 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 - Non all-numeric top-level names (e.g., foo.1f, 1f) are now allowed.
 - Minor bounds error fix to squash a PHP 7 notice.
+- Support non-/tmp temporary directories for data:// validation
 4.7.0, released 2015-08-04
 # opacity is now considered a "tricky" CSS property rather than a
diff --git a/library/HTMLPurifier/URIScheme/data.php b/library/HTMLPurifier/URIScheme/data.php
index 6ebca498..19321a03 100644
--- a/library/HTMLPurifier/URIScheme/data.php
+++ b/library/HTMLPurifier/URIScheme/data.php
@@ -81,7 +81,11 @@ class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
 }
 // XXX probably want to refactor this into a general mechanism
 // for filtering arbitrary content types
- $file = tempnam("/tmp", "");
+ if (function_exists('sys_get_temp_dir')) {
+ $file = tempnam(sys_get_temp_dir(), "");
+ } else {
+ $file = tempnam("/tmp", "");
+ }
 file_put_contents($file, $raw_data);
 if (function_exists('exif_imagetype')) {
 $image_code = exif_imagetype($file);
--
2.11.4.GIT
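Review bot: The return value of `tempnam()` is used unchecked in both new branches of the data.php hunk, so when the file cannot be created (an unwritable or `open_basedir`-restricted temp directory, which is the hosting situation this patch targets) `false` is passed to `file_put_contents()` and `exif_imagetype()` on the following lines. Because `$raw_data` is the untrusted payload of a data: URI, validation should fail closed at this point: add `if ($file === false) { return false; }` directly after the `if`/`else`. This assumes the enclosing method signals rejection by returning `false`; its body starts and ends outside the hunk, so confirm against the surrounding code. The hunk also does not show where the temporary file is removed, so it is worth checking that it is unlinked on every exit path.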