diff options
Diffstat (limited to 'includes/common.inc')
| -rw-r--r-- | includes/common.inc | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/includes/common.inc b/includes/common.inc index a301f3404..13d9862b8 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -2091,7 +2091,16 @@ function url($path = NULL, array $options = array()) { } /** - * Return TRUE if a path is external (e.g. http://example.com). + * Return TRUE if a path is external to Drupal (e.g. http://example.com). + * + * If a path cannot be assessed by Drupal's menu handler, then we must + * treat it as potentially insecure. + * + * @param $path + * The internal path or external URL being linked to, such as "node/34" or + * "http://example.com/foo". + * @return + * Boolean TRUE or FALSE, where TRUE indicates an external path. */ function url_is_external($path) { $colonpos = strpos($path, ':'); |