From e4afcae139ec1770a27ff9e2fc3d8bfbd858b04f Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Wed, 9 Jun 2010 14:55:30 +0000
Subject: - Patch #819844 by agentrickard: better documentation for
 url_is_external().

---
 includes/common.inc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/includes/common.inc b/includes/common.inc
index a301f3404..13d9862b8 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -2091,7 +2091,16 @@ function url($path = NULL, array $options = array()) {
 }
 
 /**
- * Return TRUE if a path is external (e.g. http://example.com).
+ * Return TRUE if a path is external to Drupal (e.g. http://example.com).
+ *
+ * If a path cannot be assessed by Drupal's menu handler, then we must
+ * treat it as potentially insecure.
+ *
+ * @param $path
+ *   The internal path or external URL being linked to, such as "node/34" or
+ *   "http://example.com/foo".
+ * @return 
+ *   Boolean TRUE or FALSE, where TRUE indicates an external path.
  */
 function url_is_external($path) {
   $colonpos = strpos($path, ':');
-- 
cgit v1.2.3