Some of Tiki's preferences are quite powerful (and thus dangerous) and should be used only by experts. These risky preferences are disabled and hidden by default, since Tiki 22 and only the system administrator can make them visible through Tiki's system configuration file.
This addresses CVE-2020-29254
These are the preferences marked as risky:
First, in order to enable these features first is needed to activate the system configuration.
If you don’t have one, you will need to declare the path of the tiki.ini file where rules can be stored.
$system_configuration_file = 'db/tiki.ini';
In your configuration file, add new rules to Tiki's configuration file that allows showing these features.
See the following example:
rules.0 = show smarty_security_functions