From 7f56374ec16a43eafed8272967a27abbc93f7434 Mon Sep 17 00:00:00 2001
From: Alexandre <44178713+alexbelgium@users.noreply.github.com>
Date: Fri, 9 Jan 2026 09:25:23 +0100
Subject: [PATCH] Use mktemp_safe for temporary file generation

Replaced mktemp with mktemp_safe for safer temporary file creation.
---
 .templates/00-global_var.sh | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/.templates/00-global_var.sh b/.templates/00-global_var.sh
index dcb60d392..a739884e9 100755
--- a/.templates/00-global_var.sh
+++ b/.templates/00-global_var.sh
@@ -20,6 +20,16 @@ if [[ ! -f "$ENV_FILE" ]]; then
     printf '# Generated by 00-global_var.sh from %s\n' "$JSONSOURCE" > "$ENV_FILE"
 fi
 
+# mktemp
+mktemp_safe() {
+    local tmpdir="${TMPDIR:-/tmp}"
+    mkdir -p "$tmpdir" || return 1
+
+    local tmpfile
+    tmpfile="$(mktemp "$tmpdir/tmp.XXXXXXXXXX")" || return 1
+    printf '%s\n' "$tmpfile"
+}
+
 # Define secrets location (optional)
 SECRETSOURCE=""
 if [[ -f /homeassistant/secrets.yaml ]]; then
@@ -32,7 +42,7 @@ fi
 BLOCK_BEGIN="# --- BEGIN ADDON ENV (generated) ---"
 BLOCK_END="# --- END ADDON ENV (generated) ---"
 
-EXPORT_BLOCK_FILE="$(mktemp)"
+EXPORT_BLOCK_FILE="$(mktemp_safe)"
 trap 'rm -f "$EXPORT_BLOCK_FILE"' EXIT
 
 {
@@ -148,7 +158,7 @@ is_shell_run_script() {
 inject_block_into_file() {
     local file="$1"
     local tmp
-    tmp="$(mktemp)"
+    tmp="$(mktemp_safe)"
 
     awk -v bfile="${EXPORT_BLOCK_FILE}" -v begin="${BLOCK_BEGIN}" -v end="${BLOCK_END}" '
         function print_block() {