diff --git a/src/etc/inc/priv.defs.inc b/src/etc/inc/priv.defs.inc
index da3f07e7f..8c408904e 100644
--- a/src/etc/inc/priv.defs.inc
+++ b/src/etc/inc/priv.defs.inc
@@ -1278,12 +1278,6 @@ $priv_list['page-upload_progress']['descr'] = gettext("Allow access to the 'Syst
 $priv_list['page-upload_progress']['match'] = array();
 $priv_list['page-upload_progress']['match'][] = "upload_progress*";
 
-$priv_list['page-hidden-uploadconfiguration'] = array();
-$priv_list['page-hidden-uploadconfiguration']['name'] = gettext("WebCfg - Hidden: Upload Configuration page");
-$priv_list['page-hidden-uploadconfiguration']['descr'] = gettext("Allow access to the 'Hidden: Upload Configuration' page.");
-$priv_list['page-hidden-uploadconfiguration']['match'] = array();
-$priv_list['page-hidden-uploadconfiguration']['match'][] = "uploadconfig.php*";
-
 $priv_list['page-vpn-ipsec'] = array();
 $priv_list['page-vpn-ipsec']['name'] = gettext("WebCfg - VPN: IPsec page");
 $priv_list['page-vpn-ipsec']['descr'] = gettext("Allow access to the 'VPN: IPsec' page.");
diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt
index 9ebfd5c02..47eb3a2f5 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt
+++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt
@@ -214,7 +214,6 @@ page-system-usermanager-passwordmg=system_usermanager_passwordmg.php*
 page-system-usermanager-settings=system_usermanager_settings.php*
 page-system-usermanager-settings-testldap=system_usermanager_settings_test.php*
 page-upload_progress=upload_progress*
-page-hidden-uploadconfiguration=uploadconfig.php*
 page-vpn-ipsec=vpn_ipsec.php*
 page-vpn-ipsec-listkeys=vpn_ipsec_keys.php*
 page-vpn-ipsec-editkeys=vpn_ipsec_keys_edit.php*
diff --git a/src/www/interfaces.php b/src/www/interfaces.php
index 17109bd84..004283377 100644
--- a/src/www/interfaces.php
+++ b/src/www/interfaces.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2004-2008 Scott Ullrich
@@ -396,14 +397,14 @@ $ipv6_num_prefix_ids = pow(2, $ipv6_delegation_length);
 
 if ($_POST['apply']) {
 	unset($input_errors);
-	if (!is_subsystem_dirty('interfaces'))
+	if (!is_subsystem_dirty('interfaces')) {
 		$intput_errors[] = gettext("You have already applied your settings!");
-	else {
-		unlink_if_exists("{$g['tmp_path']}/config.cache");
+	} else {
+		unlink_if_exists('/tmp/config.cache');
 		clear_subsystem_dirty('interfaces');
 
-		if (file_exists("{$g['tmp_path']}/.interfaces.apply")) {
-			$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply"));
+		if (file_exists('/tmp/.interfaces.apply')) {
+			$toapplylist = unserialize(file_get_contents('/tmp/.interfaces.apply'));
 			foreach ($toapplylist as $ifapply => $ifcfgo) {
 				if (isset($config['interfaces'][$ifapply]['enable'])) {
 					interface_bring_down($ifapply, false, $ifcfgo);
@@ -427,7 +428,7 @@ if ($_POST['apply']) {
 		if (is_subsystem_dirty('staticroutes') && (system_routing_configure() == 0))
 			clear_subsystem_dirty('staticroutes');
 	}
-	@unlink("{$g['tmp_path']}/.interfaces.apply");
+	@unlink('/tmp/.interfaces.apply');
 	header("Location: interfaces.php?if={$if}");
 	exit;
 } else if ($_POST && $_POST['enable'] != "yes") {
@@ -436,15 +437,15 @@ if ($_POST['apply']) {
 		interface_sync_wireless_clones($wancfg, false);
 	write_config("Interface {$_POST['descr']}({$if}) is now disabled.");
 	mark_subsystem_dirty('interfaces');
-	if (file_exists("{$g['tmp_path']}/.interfaces.apply")) {
-		$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply"));
+	if (file_exists('/tmp/.interfaces.apply')) {
+		$toapplylist = unserialize(file_get_contents('/tmp/.interfaces.apply'));
 	} else {
 		$toapplylist = array();
 	}
 	$toapplylist[$if]['ifcfg'] = $wancfg;
 	$toapplylist[$if]['ppps'] = $a_ppps;
 	/* we need to be able remove IP aliases for IPv6 */
-	file_put_contents("{$g['tmp_path']}/.interfaces.apply", serialize($toapplylist));
+	file_put_contents('/tmp/.interfaces.apply', serialize($toapplylist));
 	header("Location: interfaces.php?if={$if}");
 	exit;
 } else if ($_POST) {
@@ -1127,14 +1128,14 @@ if ($_POST['apply']) {
 		conf_mount_ro();
 		write_config();
 
-		if (file_exists("{$g['tmp_path']}/.interfaces.apply")) {
-			$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply"));
+		if (file_exists('/tmp/.interfaces.apply')) {
+			$toapplylist = unserialize(file_get_contents('/tmp/.interfaces.apply'));
 		} else {
 			$toapplylist = array();
 		}
 		$toapplylist[$if]['ifcfg'] = $old_wancfg;
 		$toapplylist[$if]['ppps'] = $old_ppps;
-		file_put_contents("{$g['tmp_path']}/.interfaces.apply", serialize($toapplylist));
+		file_put_contents('/tmp/.interfaces.apply', serialize($toapplylist));
 
 		mark_subsystem_dirty('interfaces');
 
diff --git a/src/www/status.php b/src/www/status.php
index ce520232f..8a845c2fc 100755
--- a/src/www/status.php
+++ b/src/www/status.php
@@ -1,8 +1,10 @@
 <?php
+
 /*
 	Copyright (C) Scott Ullrich geekgod@pfsense.com
 	Copyright (C) Manuel Kasper <mk@neon1.net>
 	Copyright (C) 2003 Jim McBeath <jimmc@macrovision.com>
+
 	Redistribution and use in source and binary forms, with or without
 	modification, are permitted provided that the following conditions are met:
 
@@ -25,10 +27,6 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
-/* Execute a command, with a title, and generate an HTML table
- * showing the results.
- */
-
 /* include all configuration functions */
 require_once("guiconfig.inc");
 require_once("functions.inc");
@@ -180,7 +178,7 @@ defCmd("ls /var/run");
 
 defCmd("/sbin/mount");
 
-defCmdT("cat {$g['tmp_path']}/rules.debug","cat {$g['tmp_path']}/rules.debug");
+defCmdT("cat /tmp/rules.debug","cat /tmp/rules.debug");
 
 defCmdT("VMStat", "vmstat -afimsz");
 
diff --git a/src/www/status_queues.php b/src/www/status_queues.php
index 8bbbb9910..20aa3e8cb 100644
--- a/src/www/status_queues.php
+++ b/src/www/status_queues.php
@@ -59,8 +59,8 @@ $fd = @fsockopen("unix://{$g['varrun_path']}/qstats");
 	while(!feof($fd))
 		$stats .= fread($fd, 4096);
 	fclose($fd);
-	@file_put_contents("{$g['tmp_path']}/qstats", $stats);
-	$altqstats = @parse_xml_config("{$g['tmp_path']}/qstats", array("altqstats"));
+	@file_put_contents('/tmp/qstats', $stats);
+	$altqstats = @parse_xml_config('/tmp/qstats', array('altqstats'));
 	if ($altqstats == -1)
 		$error = "No queue statistics could be read.";
 }
diff --git a/src/www/system_routes_edit.php b/src/www/system_routes_edit.php
index f87f1c863..cc91432e7 100644
--- a/src/www/system_routes_edit.php
+++ b/src/www/system_routes_edit.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
@@ -170,22 +171,24 @@ if ($_POST) {
 		else
 			unset($route['disabled']);
 
-		if (file_exists("{$g['tmp_path']}/.system_routes.apply"))
-			$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.system_routes.apply"));
-		else
+		if (file_exists('/tmp/.system_routes.apply')) {
+			$toapplylist = unserialize(file_get_contents('/tmp/.system_routes.apply'));
+		} else {
 			$toapplylist = array();
+		}
 		$a_routes[$id] = $route;
 
 		if (!empty($oroute)) {
 			$delete_targets = array_diff($old_targets, $new_targets);
 			if (count($delete_targets))
 				foreach ($delete_targets as $dts) {
-					if(is_ipaddrv6($dts))
-						$family = "-inet6";
+					if (is_ipaddrv6($dts)) {
+						$family = '-inet6';
+					}
 					$toapplylist[] = "/sbin/route delete {$family} {$dts}";
 				}
 		}
-		file_put_contents("{$g['tmp_path']}/.system_routes.apply", serialize($toapplylist));
+		file_put_contents('/tmp/.system_routes.apply', serialize($toapplylist));
 
 		mark_subsystem_dirty('staticroutes');
 
diff --git a/src/www/uploadconfig.php b/src/www/uploadconfig.php
deleted file mode 100644
index d2d4bc000..000000000
--- a/src/www/uploadconfig.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<?php
-
-/*
-	Copyright (C) 2014-2015 Deciso B.V.
-	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-	All rights reserved.
-
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-
-	1. Redistributions of source code must retain the above copyright notice,
-	this list of conditions and the following disclaimer.
-
-	2. Redistributions in binary form must reproduce the above copyright
-	notice, this list of conditions and the following disclaimer in the
-	documentation and/or other materials provided with the distribution.
-
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("guiconfig.inc");
-
-header("Content-Type: text/plain");
-
-/* get config.xml in POST variable "config" */
-if ($_POST['config']) {
-	$fd = @fopen("{$g['tmp_path']}/config.xml", "w");
-	if (!$fd) {
-		echo gettext("ERR Could not save configuration.")."\n";
-		exit(0);
-	}
-	fwrite($fd, $_POST['config']);
-	fclose($fd);
-	if (config_install("{$g['tmp_path']}/config.xml") == 0) {
-		echo gettext("OK")."\n";
-		system_reboot();
-	} else {
-		echo gettext("ERR Could not install configuration.")."\n";
-	}
-} else {
-	echo gettext("ERR Invalid configuration received.")."\n";
-}
-
-exit(0);
diff --git a/src/www/vpn_pppoe.php b/src/www/vpn_pppoe.php
index 83cfe742c..2c7f83fc7 100644
--- a/src/www/vpn_pppoe.php
+++ b/src/www/vpn_pppoe.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2010 Ermal Luci
@@ -39,8 +40,8 @@ if ($_POST) {
         $pconfig = $_POST;
 
         if ($_POST['apply']) {
-                if (file_exists("{$g['tmp_path']}/.vpn_pppoe.apply")) {
-                        $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.vpn_pppoe.apply"));
+                if (file_exists('/tmp/.vpn_pppoe.apply')) {
+                        $toapplylist = unserialize(file_get_contents('/tmp/.vpn_pppoe.apply'));
                         foreach ($toapplylist as $pppoeid) {
 				if (!is_numeric($pppoeid))
 					continue;
@@ -53,7 +54,7 @@ if ($_POST) {
 					}
 				}
                         }
-                        @unlink("{$g['tmp_path']}/.vpn_pppoe.apply");
+                        @unlink('/tmp/.vpn_pppoe.apply');
                 }
                 $retval = 0;
                 $retval |= filter_configure();
diff --git a/src/www/vpn_pppoe_edit.php b/src/www/vpn_pppoe_edit.php
index 9e74a7429..6ec494390 100644
--- a/src/www/vpn_pppoe_edit.php
+++ b/src/www/vpn_pppoe_edit.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
@@ -27,10 +28,9 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
-require("guiconfig.inc");
+require_once("guiconfig.inc");
 require_once("vpn.inc");
 
-
 function vpn_pppoe_get_id() {
 	global $config;
 
@@ -211,17 +211,18 @@ if ($_POST) {
 
 		if (!isset($id))
 			$id = count($a_pppoes);
-		if (file_exists("{$g['tmp_path']}/.vpn_pppoe.apply"))
-			$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.vpn_pppoe.apply"));
-		else
+		if (file_exists('/tmp/.vpn_pppoe.apply')) {
+			$toapplylist = unserialize(file_get_contents('/tmp/.vpn_pppoe.apply'));
+		} else {
 			$toapplylist = array();
+		}
 
 		$toapplylist[] = $pppoecfg['pppoeid'];
 		$a_pppoes[$id] = $pppoecfg;
 
 		write_config();
 		mark_subsystem_dirty('vpnpppoe');
-		file_put_contents("{$g['tmp_path']}/.vpn_pppoe.apply", serialize($toapplylist));
+		file_put_contents('/tmp/.vpn_pppoe.apply', serialize($toapplylist));
 		header("Location: vpn_pppoe.php");
 		exit;
 	}
diff --git a/src/www/wizard.php b/src/www/wizard.php
index 8b47b4922..be920ebef 100644
--- a/src/www/wizard.php
+++ b/src/www/wizard.php
@@ -955,8 +955,9 @@ function fixup_string($string) {
 		else if ($urlhost == $config['system']['hostname'] . '.' . $config['system']['domain'])
 			$urlhost = $config['wizardtemp']['system']['hostname'] . '.' . $config['wizardtemp']['system']['domain'];
 	}
-	if($urlhost != $http_host)
-		file_put_contents("{$g['tmp_path']}/setupwizard_lastreferrer", $proto . "://" . $http_host . $urlport . $_SERVER['REQUEST_URI']);
+	if ($urlhost != $http_host) {
+		file_put_contents('/tmp/setupwizard_lastreferrer', $proto . '://' . $http_host . $urlport . $_SERVER['REQUEST_URI']);
+	}
 	$myurl = $proto . "://" . $urlhost . $urlport . "/";
 
 	if (strstr($newstring, "\$myurl"))