1 common.inc | url_is_external($path)
Returns TRUE if a path is external to Backdrop (e.g. http://example.com).
If a path cannot be assessed by Backdrop's menu handler, then we must treat it as potentially insecure.
Parameters
$path: The internal path or external URL being linked to, such as "node/34" or "http://example.com/foo".
Return value
Boolean TRUE or FALSE, where TRUE indicates an external path.
File
core/includes/common.inc, line 2800 - Common functions that many Backdrop modules will need to reference.
Code
function url_is_external($path) {
  $path = (string) $path;
  $colon_position = strpos($path, ':');
  // Some browsers treat \ as / so normalize to forward slashes.
  $path = str_replace('\\', '/', $path);
  // If the path starts with 2 slashes then it is always considered an
  // external URL without an explicit protocol part.
  return (strpos($path, '//') === 0)
    // Leading control characters may be ignored or mishandled by browsers, so
    // assume such a path may lead to an external location. The \p{C} character
    // class matches all UTF-8 control, unassigned, and private characters.
    || (preg_match('/^\p{C}/u', $path) !== 0)
    // Avoid calling backdrop_strip_dangerous_protocols() if there is any
    // slash (/), hash (#) or question mark (?) before the colon (:)
    // occurrence - if any - as this would clearly mean it is not a URL.
    || ($colon_position !== FALSE
      && !preg_match('![/?#]!', substr($path, 0, $colon_position))
      && backdrop_strip_dangerous_protocols($path) == $path);
}
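The following is an added example, not part of Backdrop: a stand-alone script that runs the function above over constructed inputs, one per clause of the return expression. The backdrop_strip_dangerous_protocols() body and its allowlist are a simplified stand-in assumed for illustration, and the sample paths are constructed.

```php
<?php
// Added example for the PHP CLI; inside Backdrop the guarded block is skipped.
if (!function_exists('url_is_external')) {
  // Simplified stand-in (assumption) for Backdrop's protocol filter: strips
  // any leading scheme that is not on a constructed allowlist.
  function backdrop_strip_dangerous_protocols($uri) {
    $allowed = array('http', 'https', 'ftp', 'mailto');
    do {
      $before = $uri;
      $colon = strpos($uri, ':');
      if ($colon > 0) {
        $scheme = substr($uri, 0, $colon);
        if (preg_match('![/?#]!', $scheme)) {
          break;
        }
        if (!in_array(strtolower($scheme), $allowed, TRUE)) {
          $uri = substr($uri, $colon + 1);
        }
      }
    } while ($before !== $uri);
    return $uri;
  }
  // Same logic as the function on this page, comments removed.
  function url_is_external($path) {
    $path = (string) $path;
    $colon_position = strpos($path, ':');
    $path = str_replace('\\', '/', $path);
    return (strpos($path, '//') === 0)
      || (preg_match('/^\p{C}/u', $path) !== 0)
      || ($colon_position !== FALSE
        && !preg_match('![/?#]!', substr($path, 0, $colon_position))
        && backdrop_strip_dangerous_protocols($path) == $path);
  }
}
// Constructed inputs: array(path, expected result, clause that decides it).
$cases = array(
  array('node/34', FALSE, 'no colon, no leading //'),
  array('http://example.com/foo', TRUE, 'allowed scheme before the colon'),
  array('//example.com', TRUE, 'protocol-relative'),
  array('/\\example.com', TRUE, 'backslash normalized to //'),
  array("\thttp://example.com", TRUE, 'leading control character'),
  array('node/1?next=a:b', FALSE, '/ and ? precede the colon'),
  array('javascript:void(0)', FALSE, 'scheme stripped, so not "external"'),
);
foreach ($cases as list($path, $expected, $why)) {
  $actual = url_is_external($path);
  printf("%-26s %-5s %s%s\n", json_encode($path, JSON_UNESCAPED_SLASHES),
    $actual ? 'TRUE' : 'FALSE', $why, $actual === $expected ? '' : ' MISMATCH');
}
```

With this stand-in, the last row returns FALSE because the filtered string no longer equals the input. A FALSE result therefore means the path is not an allowed external URL, not that the string is safe to output unfiltered.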