Enable Developer Toolbar through the URL
Thursday, 17 November 2011
Many people use the Magento Developer Toolbar when developing in Magento. The extension contains many features that are useful when working with Magento themes. One of those features is that you can enable the Magento templating hints through URL. Call it a feature or a bug, but many site-owners are not aware of this option - which definitely should be turned off in production environments.
Enabling the template path hints remotely
The functionality of template path hints adds extra HTML-output to every Magento page, describing the various Magento blocks with extra tags: Using this feature, you can easily track down the block-names (as they are defined in the XML-layout) or the PHTML-template that has generated this HTML-output. Very useful.
The Magento Developer Toolbar makes it easier to turn on or off features like this, and one of the ways it does so, is through URL:
MAGENTO/developertoolbar/index/hints/enabled/1/
Not fit for production environments
Obviously, you don't want your production site to be messed up with garbled output, so you need to pay attention to the important note the developers of Developer Toolbar add to their extension: Do not use it on production environments. If your shop is in production, you should have either removed the extension alltogether or disabled its output by changing the Advanced settings in the Magento System Configuration.
Ofcourse, this information also allows for fun by testing how many Magento shops in production have actually forgot about this. There seem already to be bots that scan the web for Magento sites and try to enable these template-path hints on them. There's not much security danger here, but it's annoying to say the least.
