I put this info as a note to the function, including it here as a bug report just in case.

This function has an strange and potentially
dangerous behavior. When using the code:
<PRE>
<?
$listfile = tempnam("tmp","q");
echo($listfile . "\n");
?>
</PRE>
and running it with the stand-alone version
of php3, the following are the results:
(Assume that you are in dir /home/user/foo)
<OL>
<LI>If the subdir "tmp" does not exist
<PRE>
Content-type: text/html
 
/var/tmp/qAAAa001Nh
</PRE>
</LI>
<LI>If the subdir "tmp" exists
<PRE>
Content-type: text/html
 
tmp/qAAAa001Ob
</PRE>
</LI>
</OL>
The latter is the intended answer in the first place.
My impression was that the function returns a unique
filename, so I fail to see the advantage of making it
search through the filesystem or the path var.
<P>
Now, if you change the first line of the code to read:
<PRE>
$listfile = tempnam("./tmp","q");
</PRE>
You get the same behavior as the previous 2 cases, but if
you use:
<PRE>
$listfile = tempnam("","q");
</PRE>
The results is:
<PRE>
Content-type: text/html
 
/var/tmp/qAAAa001PI
</PRE>
No matter if subdir "tmp" exists or not, when the expected
output will be a unique filename w/o directory path.
<P>
This is useful because this temp filename will be used to create
a file in different directories, depending on the values of
one or more variables from a form.
<P>
This behavior should be (a) fixed or (b) documented clearly. I did
not see this mentioned in the PHP/FI manual either.

=== Extra info ===

PHP was compiled with a command line like:
./configure --prefix=/foo/bar/php3 --without-gd --with-msql=/foo/bar/mSQL --with-config-file-path=/foo/bar/php3 
--enable-track-vars --enable-magic-quotes --with-apache=/foo/bar/src/apache_1.3.1