We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

How to change controller name suffix?

Hello,

Is it possible to avoid adding "Controller" suffix to controller name? Even if I specify full namespace path (Application/Controllers/Index) in route - dispatcher is still adding Controller suffix to it, so dispatcher is trying to find Application/Controllers/IndexController.php

It seems to me be slightly annoying to add "Controller" suffix to every controller filename because I already know that this controller from it's namespace.

I can see setActionSuffix() method in Dispatcher, but I can't see anything similar for naming controllers.

Thank you!



32.4k
Accepted
answer


7.3k

Ooops :) Totally missed it :)



98.9k

I would not remove this suffix because somehow it adds some level of security to the application. Without it, a malicious external user could load any class in auto-loaders or built-in with PHP by just simply pass the correct name as first parameter in a route:

https://localhost/directoryiterator https://localhost/httprequest https://localhost/somemodel https://localhost/somelibrary https://localhost/filesystemiterator/some-path

Or load any service in the DI:

https://localhost/db https://localhost/modelsManager https://localhost/flash

The suffix protects your application by only allowing the class names/services that ends with 'Controller'.



32.4k

I'm using an empty suffix with the namespace Controller. So such as \Controller\httprequest or \Controller\db just couldn't be loaded by loader. @Kirzilla, if you are going to use unsuffixed actions, you have to add annotation like "@Action" and prevent any executing of no-action methods by dispatcher using some custom plugin. But annotations cost some resources, so unlike namespaced controller, it's better to uses suffix for actions.



7.3k

@Phalcon, ok, I understand your opinion. Never thought about it from security side. Thank you.