Error message
You are browsing documentation for drupal 7.x, which is not supported anymore. Read the updated version of this page for drupal 11.x (the latest version).function url_is_external
Returns TRUE if a path is external to Drupal (e.g. http://example.com).
If a path cannot be assessed by Drupal's menu handler, then we must treat it as potentially insecure.
Parameters
$path: The internal path or external URL being linked to, such as "node/34" or "http://example.com/foo".
Return value
Boolean TRUE or FALSE, where TRUE indicates an external path.
7 calls to url_is_external()
- drupal_deliver_html_page in includes/
common.inc - Packages and sends the result of a page callback to the browser as HTML.
- drupal_goto in includes/
common.inc - Sends the user to a different page.
- drupal_valid_path in includes/
path.inc - Checks a path exists and the current user has access to it.
- form_builder in includes/
form.inc - Builds and processes all elements in the structured form array.
- menu_edit_item_validate in modules/
menu/ menu.admin.inc - Validate form values for a menu link being added or edited.
1 string reference to 'url_is_external'
- field_ui_next_destination in modules/
field_ui/ field_ui.admin.inc - Returns the next redirect path in a multipage sequence.
File
-
includes/
common.inc, line 2436
Code
function url_is_external ($path) {
$path = (string) $path;
$colonpos = strpos ($path, ':');
// Some browsers treat \ as / so normalize to forward slashes.
$path = str_replace ('\\', '/', $path);
// If the path starts with 2 slashes then it is always considered an external
// URL without an explicit protocol part.
return strpos ($path, '//') === 0 || preg_match ('/^\\p{C}/u', $path) !== 0 || $colonpos !== FALSE && !preg_match ('![/?#]!', substr ($path, 0, $colonpos)) && drupal_strip_dangerous_protocols ($path) == $path;
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.