Loading...
 

Plugin Security


By default, Wiki Syntax is designed to be safer than HTML. If we let users just use any HTML & JavaScript, some could do nasty things like XSS.

Thus, when a plugin is potentially insecure, it must be approved by someone with appropriate permissions.

Image


The permissions involved are:

Permission Description
tiki_p_plugin_approve Can approve plugin execution
tiki_p_plugin_preview Can execute unapproved plugin
tiki_p_plugin_viewdetail Can view unapproved plugin details


Plugin Approval


See Plugin Approval

Plugin Management

Plugins can be enabled or disabled on a site wide basis by an admin. So if you don't need it, turn it off.

How to deactivate

This is not recommended, but you can do in a testing context, where all users are trusted. You need access to files on the serverYou can use SSH, an FTP client or if you are using Virtualmin: https://www.virtualmin.com/documentation/tutorial/how-to-use-the-file-manager/. For security reasons, there is no way to do via the web interface.

  1. Find the file for the relevant Wiki Plugin. Ex.: lib/wiki-plugins/wikiplugin_html.php
  2. Replace
Copy to clipboard
'validate' => 'all',

by

Copy to clipboard
'validate' => 'none',

The next time you upgrade Tiki, you will need to do this again (because you will get standard Tiki file again). Unless you use Tiki Manager or you get source code from https://gitlab.com/tikiwiki/tiki where you local changes can be maintained.

Alias

doc.tiki.org

Get Started

Admin Guide User Guide

Keywords

Keywords serve as "hubs" for navigation within the Tiki documentation. They correspond to development keywords (bug reports and feature requests):

Accessibility (WAI and 508)
Accounting
Articles and Submissions
Backlinks
Banners
Batch
BigBlueButton audio/video/chat/screensharing
Blog
Bookmark
Browser Compatibility
Link Cache
Calendar
Category
Chat
Clean URLs
Comments
Communication Center
Compression (gzip)
Contacts (Address Book)
Contact us
Content Templates
Contribution
Cookie
Copyright
Credit
Custom Home and Group Home Page
Date and Time
Debugger Console
Directory of hyperlinks
Documentation link from Tiki to doc.tiki.org (Help System)
Docs
Draw
Dynamic Content
Dynamic Variable
External Authentication
FAQ
Featured links
File Gallery
Forum
Friendship Network (Community)
Gmap Google maps
Groups
Hotword
HTML Page
i18n (Multilingual, l10n)
Image Gallery
Import-Export
Install
Integrator
Interoperability
Inter-User Messages
InterTiki
Kaltura video management
Karma
Live Support
Login
Logs (system & action)
Look and Feel
Mail-in
Map with Mapserver
Menu
Meta Elements
Mobile Tiki and Voice Tiki
Module
MultiTiki
MyTiki
Newsletter
Notepad
Payment
Performance Speed / Load
Permissions
Platform independence (Linux-Apache, Windows/IIS, Mac, BSD)
Polls
Profiles
Profile Manager
Report
Toolbar
Quiz
Rating
Feeds
Score
Search engine optimization
Search
Search and Replace
Security
Semantic links
Shadowbox
Shadow Layers
Share
Shopping cart
Shoutbox
Slideshow
Smiley
Social Networks
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Stats
Surveys
Tags
Task
Tell a Friend, alert + Social Bookmarking
TikiTests
Theme CSS & Smarty
Tiki Manager
Trackers
Transitions
User Administration including registration and banning
User Files
User Menu
Watch
WebDAV
Webmail
Web Services
Wiki History, page rename, etc
Wiki Syntax
Wiki structure (book and table of content)
Workspace
WSOD
WYSIWYCA
WYSIWYG
XMLRPC

Tiki Newsletter

Delivered fresh to your email inbox!
Newsletter subscribe icon
Don't miss major announcements and other news!
Contribute to Tiki