Is allowing uploads of .php files dangerous if only the tmp file's content is being used?

I'm not moving the tmp file to a 'live' (web-accessible) directory at all, simply doing a file_get_contents on the tmp file and running a few regexes against it (the code is never executed/run).

Could this be dangerous or pose any risks?


Since you’re not executing it, the file is nothing more than a plain text file. Check the file size and type as you would with any other data file and you should be safe.

If you later decide to make it web accessible (for whatever reason), make sure you set permissions on it (in a Linux environment) or change the file extension (under Windows) so that it cannot be executed.

This will somewhat depend on your environment.

File upload itself is not harmful unless your environment is not Windows. In that case, I'd employ an antivirus program to check the file before any processing is done on it.

Also, file size matters. file_get_contents will read the whole file into your server's memory at once. So, if the file is too big or your resources too low, you may run into errors.

That's probably all I'd be worried about if I'm not presenting uploaded content to my users.
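The points raised in both answers (treat the upload as plain data, check its size and type before reading, keep it out of any web-accessible directory, and remember that file_get_contents loads the whole file into memory) can be combined into one handler. The following is an added example, not code from the question or either answer; the form field name "report", the 1 MiB cap, and the illustrative regexes are all assumptions.

```php
<?php
// Added example (not from the question or answers): handle an uploaded .php
// file purely as data, never as code. Assumes a form field named "report";
// the size cap and the regexes below are illustrative choices.

const MAX_UPLOAD_BYTES = 1024 * 1024; // 1 MiB cap; tune for your use case

/**
 * Validate the upload and return its text, or throw on any problem.
 * The file is only ever read from PHP's temporary directory; it is never
 * moved into a web-accessible path, so the web server cannot execute it.
 */
function readUploadedText(array $upload): string
{
    // PHP reports upload problems via the error code; anything but UPLOAD_ERR_OK is rejected.
    if (!isset($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file received');
    }

    // Only accept a path that really came through the upload mechanism
    // (guards against a forged $_FILES entry pointing at an arbitrary file).
    if (!is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Not a genuine uploaded file');
    }

    // Check the size before reading: file_get_contents loads the whole file into memory.
    $size = filesize($upload['tmp_name']);
    if ($size === false || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Check the actual content type from the bytes, not the client-supplied name or MIME type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($upload['tmp_name']);
    if (!in_array($mime, ['text/plain', 'text/x-php'], true)) {
        throw new RuntimeException("Unexpected content type: $mime");
    }

    // Read at most MAX_UPLOAD_BYTES even if the size check were somehow bypassed (defence in depth).
    $text = file_get_contents($upload['tmp_name'], false, null, 0, MAX_UPLOAD_BYTES);
    if ($text === false) {
        throw new RuntimeException('Could not read upload');
    }
    return $text;
}

/**
 * Example analysis: list function definitions and include/require targets.
 * The regexes are illustrative; they treat the input as text and execute nothing.
 */
function scanPhpSource(string $text): array
{
    preg_match_all('/\bfunction\s+([A-Za-z_]\w*)\s*\(/', $text, $fn);
    preg_match_all('/\b(?:include|require)(?:_once)?\s*\(?\s*[\'"]([^\'"]+)[\'"]/', $text, $inc);
    return ['functions' => $fn[1], 'includes' => $inc[1]];
}

// Usage inside the upload handler:
try {
    $source = readUploadedText($_FILES['report']);
    $result = scanPhpSource($source);
    header('Content-Type: application/json');
    echo json_encode($result);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'Rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
} finally {
    // PHP removes the tmp file at the end of the request anyway; delete it explicitly so it never lingers.
    if (isset($_FILES['report']['tmp_name']) && is_file($_FILES['report']['tmp_name'])) {
        @unlink($_FILES['report']['tmp_name']);
    }
}
```

The order of the checks matters: the size check runs before file_get_contents so an oversized upload is rejected without being read into memory, and the finfo check inspects the bytes rather than trusting the client's filename or declared MIME type. Nothing here calls move_uploaded_file, so the file never lands in a directory the web server would serve or execute.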

