From f73221ed85db77b547590bed43f26d4d837a7d51 Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Sun, 3 Feb 2019 16:35:23 +0000
Subject: [PATCH] Use Dir::Tmpname.make_tmpname for threadsafe file naming

---
 app/controllers/admin/product_import_controller.rb | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/app/controllers/admin/product_import_controller.rb b/app/controllers/admin/product_import_controller.rb
index 72a5a63f30..fd700d633f 100644
--- a/app/controllers/admin/product_import_controller.rb
+++ b/app/controllers/admin/product_import_controller.rb
@@ -79,11 +79,9 @@ module Admin
     end
 
     def save_uploaded_file(upload)
-      filename = 'import' + Time.zone.now.strftime('%d-%m-%Y-%H-%M-%S')
-      extension = '.' + upload.original_filename.split('.').last
-      directory = 'tmp/product_import'
-      Dir.mkdir(directory) unless File.exist?(directory)
-      File.open(Rails.root.join(directory, filename + extension), 'wb') do |f|
+      extension = File.extname(upload.original_filename)
+      directory = Dir.mktmpdir 'product_import'
+      File.open(File.join(directory, "import#{extension}"), 'wb') do |f|
         data = UploadSanitizer.new(upload.read).call
         f.write(data)
         f.path