Documentation & API reference
function url_is_external
Returns TRUE if a path is external to Drupal (e.g. http://example.com).
If a path cannot be assessed by Drupal's menu handler, then we must treat it as potentially insecure.
Parameters
$path: The internal path or external URL being linked to, such as "node/34" or "http://example.com/foo".
Return value
Boolean TRUE or FALSE, where TRUE indicates an external path.
7 calls to url_is_external()
- drupal_goto in drupal/
core/ includes/ common.inc - Sends the user to a different Drupal page.
- drupal_valid_path in drupal/
core/ includes/ path.inc - Checks a path exists and the current user has access to it.
- form_builder in drupal/
core/ includes/ form.inc - Builds and processes all elements in the structured form array.
- MenuLinkFormController::validate in drupal/
core/ modules/ menu_link/ lib/ Drupal/ menu_link/ MenuLinkFormController.php - Overrides EntityFormController::validate().
- MenuLinkStorageController::preSave in drupal/
core/ modules/ menu_link/ lib/ Drupal/ menu_link/ MenuLinkStorageController.php - Overrides DatabaseStorageController::preSave().
File
- drupal/
core/ includes/ common.inc, line 1402 - Common functions that many Drupal modules will need to reference.
Code
function url_is_external($path) {
$colonpos = strpos($path, ':');
// Avoid calling drupal_strip_dangerous_protocols() if there is any
// slash (/), hash (#) or question_mark (?) before the colon (:)
// occurrence - if any - as this would clearly mean it is not a URL.
return $colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path;
}