
History: Risky Preferences

Source of version: 7

! Risky preferences

Some of [https://tiki.org|Tiki's] preferences are quite powerful (and thus dangerous) and should be used only by experts. Since Tiki 22, these risky preferences are disabled and hidden by default, and only the system administrator can make them visible, through Tiki's system configuration file.

^ Introduced in ((Tiki22)) ^

This addresses ((CVE-2020-29254))


These are the preferences marked as risky:
* feature_editcss
* feature_edit_templates
* feature_purifier
* smarty_security_functions
* smarty_security_modifiers
* smarty_security_dirs
* tiki_allow_trust_input

!! Enable/Show risky preferences

To enable these features, you first need to activate the ((system configuration)).
If you don’t have one, you will need to declare the path of the tiki.ini file where rules can be stored.
{CODE(caption=Sample configuration file placed in db/local.php, with a relative path)}
$system_configuration_file = 'db/tiki.ini';
{CODE}

In your system configuration file, add rules that allow these preferences to be shown.

See the following example:
{CODE(caption=Sample system configuration file (db/tiki.ini) that shows the "smarty_security_functions" preference)}
rules.0 = show smarty_security_functions
{CODE}
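
To review which risky preferences a site has made visible, the following added example (not part of the original page or of Tiki's own code) scans a system configuration file for ''show'' rules that name a preference from the list above. It assumes rules follow the {{rules.N = show preference}} form of the sample, optionally with a quoted value and with {{;}} or {{#}} comment lines; the function name, the sample text and the exit-code convention are choices made for this example.

```python
import re
import sys

# Preferences this page lists as risky.
RISKY_PREFS = {
    "feature_editcss", "feature_edit_templates", "feature_purifier",
    "smarty_security_functions", "smarty_security_modifiers",
    "smarty_security_dirs", "tiki_allow_trust_input",
}

# Rule form taken from the page's sample: rules.<n> = show <preference>
# Assumption: the value may be wrapped in double quotes.
RULE_RE = re.compile(r'^\s*rules\.(\d+)\s*=\s*"?\s*show\s+([A-Za-z0-9_]+)')

# Constructed sample input, not taken from a real site.
SAMPLE_INI = """\
; constructed sample
rules.0 = show smarty_security_functions
rules.1 = "show feature_editcss"
; rules.2 = show tiki_allow_trust_input
rules.3 = show feature_wiki
"""


def exposed_risky_prefs(ini_text):
    """Return (line_no, rule_index, preference) for each rule that shows a risky preference."""
    findings = []
    for line_no, line in enumerate(ini_text.splitlines(), start=1):
        if line.lstrip().startswith((";", "#")):
            continue  # commented-out rules are not active
        match = RULE_RE.match(line)
        if match and match.group(2) in RISKY_PREFS:
            findings.append((line_no, int(match.group(1)), match.group(2)))
    return findings


if __name__ == "__main__":
    # Usage: python audit_tiki_ini.py db/tiki.ini (falls back to the sample text)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE_INI
    results = exposed_risky_prefs(text)
    for line_no, index, pref in results:
        print(f"line {line_no}: rules.{index} makes risky preference '{pref}' visible")
    sys.exit(1 if results else 0)  # non-zero exit when anything risky is exposed
```
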
        

History

Information Version
Jonny Bradley 8
Bernard Sfez / Tiki Specialist Setting the summary bloc 7
Marc Laporte 6
Bernard Sfez / Tiki Specialist Adding explanations and sample code 5
Marc Laporte 4
Marc Laporte 3
Marc Laporte 2
Jorge Sá Pereira 1