Merge remote-tracking branch 'origin/v10/dev' into v11/dev

# Conflicts:
#	src/Umbraco.Web.BackOffice/Controllers/LanguageController.cs

src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs

@@ -264,15 +264,17 @@ public class CreatedPackageSchemaRepository : ICreatedPackagesRepository
                 _hostingEnvironment.MapPathContentRoot(Path.Combine(
                     _createdPackagesFolderPath,
                     definition.Name.Replace(' ', '_')));
-            Directory.CreateDirectory(directoryName);
 
-            var expectedRoot = _hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath);
-            var finalPackagePath = Path.Combine(directoryName, fileName);
+            var expectedRoot = Path.GetFullPath(_hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath));
+            var finalPackagePath = Path.GetFullPath(Path.Combine(directoryName, fileName));
             if (finalPackagePath.StartsWith(expectedRoot) == false)
             {
                 throw new IOException("Invalid path due to the package name");
             }
 
+            Directory.CreateDirectory(directoryName);
+
+
             // Clean existing files
             foreach (var packagePath in new[] { definition.PackagePath, finalPackagePath })
             {

src/Umbraco.Web.BackOffice/Controllers/LanguageController.cs

@@ -18,7 +18,6 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers;
 ///     Backoffice controller supporting the dashboard for language administration.
 /// </summary>
 [PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
-[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)]
 public class LanguageController : UmbracoAuthorizedJsonController
 {
     private readonly ILocalizationService _localizationService;
@@ -36,7 +35,7 @@ public class LanguageController : UmbracoAuthorizedJsonController
         /// </summary>
         /// <returns></returns>
         [HttpGet]
-        public IDictionary<string, string> GetAllCultures()
+        [Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)]public IDictionary<string, string> GetAllCultures()
             => CultureInfo.GetCultures(CultureTypes.AllCultures).DistinctBy(x => x.Name).OrderBy(x => x.EnglishName).ToDictionary(x => x.Name, x => x.EnglishName);
 
     /// <summary>
@@ -44,6 +43,7 @@ public class LanguageController : UmbracoAuthorizedJsonController
     /// </summary>
     /// <returns></returns>
     [HttpGet]
+    [Authorize(Policy = AuthorizationPolicies.SectionAccessContent)]
     public IEnumerable<Language>? GetAllLanguages()
     {
         IEnumerable<ILanguage> allLanguages = _localizationService.GetAllLanguages();
@@ -52,6 +52,7 @@ public class LanguageController : UmbracoAuthorizedJsonController
     }
 
     [HttpGet]
+    [Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)]
     public ActionResult<Language?> GetLanguage(int id)
     {
         ILanguage? lang = _localizationService.GetLanguageById(id);

src/Umbraco.Web.BackOffice/Controllers/StylesheetController.cs

@@ -14,7 +14,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers;
 ///     The API controller used for retrieving available stylesheets
 /// </summary>
 [PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
-[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)]
+[Authorize(Policy = AuthorizationPolicies.SectionAccessContent)]
 public class StylesheetController : UmbracoAuthorizedJsonController
 {
     private readonly IFileService _fileService;