Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

How to change controller name suffix?

Hello,

Is it possible to avoid adding "Controller" suffix to controller name? Even if I specify full namespace path (Application/Controllers/Index) in route - dispatcher is still adding Controller suffix to it, so dispatcher is trying to find Application/Controllers/IndexController.php

It seems to me be slightly annoying to add "Controller" suffix to every controller filename because I already know that this controller from it's namespace.

I can see setActionSuffix() method in Dispatcher, but I can't see anything similar for naming controllers.

Thank you!



20.4k
Accepted
answer


4.6k

Ooops :) Totally missed it :)



82.2k

I would not remove this suffix because somehow it adds some level of security to the application. Without it, a malicious external user could load any class in auto-loaders or built-in with PHP by just simply pass the correct name as first parameter in a route:

http://localhost/directoryiterator http://localhost/httprequest http://localhost/somemodel http://localhost/somelibrary http://localhost/filesystemiterator/some-path

Or load any service in the DI:

http://localhost/db http://localhost/modelsManager http://localhost/flash

The suffix protects your application by only allowing the class names/services that ends with 'Controller'.



20.4k

I'm using an empty suffix with the namespace Controller. So such as \Controller\httprequest or \Controller\db just couldn't be loaded by loader. @Kirzilla, if you are going to use unsuffixed actions, you have to add annotation like &quot @Action" and prevent any executing of no-action methods by dispatcher using some custom plugin. But annotations cost some resources, so unlike namespaced controller, it's better to uses suffix for actions.



4.6k

@Phalcon, ok, I understand your opinion. Never thought about it from security side. Thank you.