Returns TRUE if a path is external to Drupal (e.g. http://example.com).
If a path cannot be assessed by Drupal's menu handler, then we must treat it as potentially insecure.
$path: The internal path or external URL being linked to, such as "node/34" or "http://example.com/foo".
Boolean TRUE or FALSE, where TRUE indicates an external path.
function url_is_external($path) {
$colonpos = strpos($path, ':');
// Some browsers treat \ as / so normalize to forward slashes.
$path = str_replace('\\', '/', $path);
// If the path starts with 2 slashes then it is always considered an external
// URL without an explicit protocol part.
return strpos($path, '//') === 0 || preg_match('/^\\p{C}/u', $path) !== 0 || $colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path;
}