Index: openacs-4/packages/acs-templating/tcl/test/file-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-templating/tcl/test/Attic/file-procs.tcl,v
diff -u -r1.1.2.8 -r1.1.2.9
--- openacs-4/packages/acs-templating/tcl/test/file-procs.tcl	10 Oct 2022 07:28:33 -0000	1.1.2.8
+++ openacs-4/packages/acs-templating/tcl/test/file-procs.tcl	30 Nov 2022 11:24:30 -0000	1.1.2.9
@@ -79,17 +79,20 @@
         set file_name afile
 
         #
-        # Here we send an unsafe tmpfile using the 3 elements list
-        # format.
+        # Here we send a file that is not a direct child of the
+        # tmpfolder using the 3 elements list format. This is expected
+        # to fail.
         #
         aa_section "- EVIL - send an unsafe tmpfile using the 3 elements list format"
 
-        set tmpfile [ad_tmpnam]/inafolder/test.txt
-        file mkdir [file dirname $tmpfile]
-        set wfd [open $tmpfile w]
+        set tmpdir [ad_mktmpdir]
+        set wfd [ad_opentmpfile tmpfile]
         puts $wfd bbbb
         close $wfd
 
+        file rename -- $tmpfile $tmpdir/[file tail $tmpfile]
+        set tmpfile $tmpdir/[file tail $tmpfile]
+
         aa_true "Tmpfile '$tmpfile' exists" [file exists $tmpfile]
 
         set d [::acs::test::form_reply \
@@ -107,18 +110,26 @@
         #
         acs::test::reply_has_status_code $d 200
 
+        #
+        # Cleanup
+        #
+        file delete -force -- $tmpdir
 
         #
-        # Here we send an unsafe tmpfile as part of a multipart request.
+        # Here we send a file that is not a direct child of the
+        # tmpfolder as part of a multipart request. This is expected
+        # to fail.
         #
         aa_section "- EVIL - Send an unsafe tmpfile as part of a multipart request"
 
-        set tmpfile [ad_tmpnam]/inafolder/test.txt
-        file mkdir [file dirname $tmpfile]
-        set wfd [open $tmpfile w]
+        set tmpdir [ad_mktmpdir]
+        set wfd [ad_opentmpfile tmpfile]
         puts $wfd cccc
         close $wfd
 
+        file rename -- $tmpfile $tmpdir/[file tail $tmpfile]
+        set tmpfile $tmpdir/[file tail $tmpfile]
+
         aa_true "Tmpfile '$tmpfile' exists" [file exists $tmpfile]
 
         #
@@ -147,14 +158,17 @@
         #
         acs::test::reply_has_status_code $d 200
 
+        #
+        # Cleanup
+        #
+        file delete -force -- $tmpdir
 
         #
         # Here we send a safe tmpfile via a genuine multipart request.
         #
         aa_section "- GOOD - Send a safe tmpfile via a genuine multipart request"
 
-        set tmpfile [ad_tmpnam].txt
-        set wfd [open $tmpfile w]
+        set wfd [ad_opentmpfile tmpfile]
         puts $wfd dddd
         close $wfd
 
@@ -185,8 +199,12 @@
         aa_true "Form received a different file" [file exists $new_path]
         aa_equals "The other file has the same content of our file" \
             [ns_md file $new_path] [ns_md file $tmpfile]
-        file delete -- $new_path
 
+        #
+        # Cleanup
+        #
+        file delete -- $new_path $tmpfile
+
     } finally {
         ns_unregister_op GET  $endpoint_name
         ns_unregister_op POST $endpoint_name