We are moving our forum in GitHub Discussions. For questions about Phalcon v3/v4 you can visit here and for Phalcon v5 here.

Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

How to change controller name suffix?


Is it possible to avoid adding "Controller" suffix to controller name? Even if I specify full namespace path (Application/Controllers/Index) in route - dispatcher is still adding Controller suffix to it, so dispatcher is trying to find Application/Controllers/IndexController.php

It seems to me be slightly annoying to add "Controller" suffix to every controller filename because I already know that this controller from it's namespace.

I can see setActionSuffix() method in Dispatcher, but I can't see anything similar for naming controllers.

Thank you!



Ooops :) Totally missed it :)


I would not remove this suffix because somehow it adds some level of security to the application. Without it, a malicious external user could load any class in auto-loaders or built-in with PHP by just simply pass the correct name as first parameter in a route:

http://localhost/directoryiterator http://localhost/httprequest http://localhost/somemodel http://localhost/somelibrary http://localhost/filesystemiterator/some-path

Or load any service in the DI:

http://localhost/db http://localhost/modelsManager http://localhost/flash

The suffix protects your application by only allowing the class names/services that ends with 'Controller'.


I'm using an empty suffix with the namespace Controller. So such as \Controller\httprequest or \Controller\db just couldn't be loaded by loader. @Kirzilla, if you are going to use unsuffixed actions, you have to add annotation like "@Action" and prevent any executing of no-action methods by dispatcher using some custom plugin. But annotations cost some resources, so unlike namespaced controller, it's better to uses suffix for actions.


@Phalcon, ok, I understand your opinion. Never thought about it from security side. Thank you.