We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.
  1. Home
  2. Beginners

How to change controller name suffix?

Hello,

Is it possible to avoid adding "Controller" suffix to controller name? Even if I specify full namespace path (Application/Controllers/Index) in route - dispatcher is still adding Controller suffix to it, so dispatcher is trying to find Application/Controllers/IndexController.php

It seems to me be slightly annoying to add "Controller" suffix to every controller filename because I already know that this controller from it's namespace.

I can see setActionSuffix() method in Dispatcher, but I can't see anything similar for naming controllers.

Thank you!

2


32.4k
Accepted
answer


7.3k

Ooops :) Totally missed it :)



98.9k

I would not remove this suffix because somehow it adds some level of security to the application. Without it, a malicious external user could load any class in auto-loaders or built-in with PHP by just simply pass the correct name as first parameter in a route:

https://localhost/directoryiterator https://localhost/httprequest https://localhost/somemodel https://localhost/somelibrary https://localhost/filesystemiterator/some-path

Or load any service in the DI:

https://localhost/db https://localhost/modelsManager https://localhost/flash

The suffix protects your application by only allowing the class names/services that ends with 'Controller'.



32.4k

I'm using an empty suffix with the namespace Controller. So such as \Controller\httprequest or \Controller\db just couldn't be loaded by loader. @Kirzilla, if you are going to use unsuffixed actions, you have to add annotation like "@Action" and prevent any executing of no-action methods by dispatcher using some custom plugin. But annotations cost some resources, so unlike namespaced controller, it's better to uses suffix for actions.



7.3k

@Phalcon, ok, I understand your opinion. Never thought about it from security side. Thank you.