Index: src/wp-admin/includes/file.php
===================================================================
--- src/wp-admin/includes/file.php	(revision 35487)
+++ src/wp-admin/includes/file.php	(working copy)
@@ -152,33 +152,42 @@ function wp_tempnam( $filename = '', $di
 	}
 
 	if ( empty( $filename ) || '.' == $filename || '/' == $filename ) {
 		$filename = time();
 	}
 
 	// Use the basename of the given file without the extension as the name for the temporary directory
 	$temp_filename = basename( $filename );
 	$temp_filename = preg_replace( '|\.[^.]*$|', '', $temp_filename );
 
 	// If the folder is falsey, use its parent directory name instead.
 	if ( ! $temp_filename ) {
 		return wp_tempnam( dirname( $filename ), $dir );
 	}
 
+	// Suffix some random data to avoid filename conflicts
+	$temp_filename .= '-' . wp_generate_password( 6, false );
 	$temp_filename .= '.tmp';
 	$temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
-	touch( $temp_filename );
+
+	$fp = @fopen( $temp_filename, 'x' );
+	if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) {
+		return wp_tempnam( $filename, $dir );
+	}
+	if ( $fp ) {
+		fclose( $fp );
+	}
 
 	return $temp_filename;
 }
 
 /**
  * Make sure that the file that was requested to edit, is allowed to be edited
  *
  * Function will die if if you are not allowed to edit the file
  *
  * @since 1.5.0
  *
  * @param string $file file the users is attempting to edit
  * @param array $allowed_files Array of allowed files to edit, $file must match an entry exactly
  * @return string|null
  */