diff --git a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs
index 093fadd8fe..a7f8f8ed6b 100644
--- a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs
+++ b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs
@@ -264,15 +264,17 @@ public class CreatedPackageSchemaRepository : ICreatedPackagesRepository
_hostingEnvironment.MapPathContentRoot(Path.Combine(
_createdPackagesFolderPath,
definition.Name.Replace(' ', '_')));
- Directory.CreateDirectory(directoryName);
- var expectedRoot = _hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath);
- var finalPackagePath = Path.Combine(directoryName, fileName);
+ var expectedRoot = Path.GetFullPath(_hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath));
+ var finalPackagePath = Path.GetFullPath(Path.Combine(directoryName, fileName));
if (finalPackagePath.StartsWith(expectedRoot) == false)
{
throw new IOException("Invalid path due to the package name");
}
+ Directory.CreateDirectory(directoryName);
+
+
// Clean existing files
foreach (var packagePath in new[] { definition.PackagePath, finalPackagePath })
{
diff --git a/src/Umbraco.Web.BackOffice/Controllers/LanguageController.cs b/src/Umbraco.Web.BackOffice/Controllers/LanguageController.cs
index cef2352ab4..4e5ed094ac 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/LanguageController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/LanguageController.cs
@@ -18,7 +18,6 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers;
/// Backoffice controller supporting the dashboard for language administration.
///
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
-[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)]
public class LanguageController : UmbracoAuthorizedJsonController
{
private readonly ILocalizationService _localizationService;
@@ -36,7 +35,7 @@ public class LanguageController : UmbracoAuthorizedJsonController
///
///
[HttpGet]
- public IDictionary GetAllCultures()
+ [Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)]public IDictionary GetAllCultures()
=> CultureInfo.GetCultures(CultureTypes.AllCultures).DistinctBy(x => x.Name).OrderBy(x => x.EnglishName).ToDictionary(x => x.Name, x => x.EnglishName);
///
@@ -44,6 +43,7 @@ public class LanguageController : UmbracoAuthorizedJsonController
///
///
[HttpGet]
+ [Authorize(Policy = AuthorizationPolicies.SectionAccessContent)]
public IEnumerable? GetAllLanguages()
{
IEnumerable allLanguages = _localizationService.GetAllLanguages();
@@ -52,6 +52,7 @@ public class LanguageController : UmbracoAuthorizedJsonController
}
[HttpGet]
+ [Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)]
public ActionResult GetLanguage(int id)
{
ILanguage? lang = _localizationService.GetLanguageById(id);
diff --git a/src/Umbraco.Web.BackOffice/Controllers/StylesheetController.cs b/src/Umbraco.Web.BackOffice/Controllers/StylesheetController.cs
index 616edfa04f..1fc5f641f6 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/StylesheetController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/StylesheetController.cs
@@ -14,7 +14,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers;
/// The API controller used for retrieving available stylesheets
///
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
-[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)]
+[Authorize(Policy = AuthorizationPolicies.SectionAccessContent)]
public class StylesheetController : UmbracoAuthorizedJsonController
{
private readonly IFileService _fileService;