Programming 101: never assume data passed is valid
Seriously, never, ever assume that any data passed is going to be valid. In security sensitive code like this, the data should always be treated with some suspicion and be validated at the beginning and end of every function that handles it.
I would assume that the URL parsing function would strip the protocol from the beginning, which would leave you with [null] after URL decoding and thus an empty string. The calling function should have noticed that it received an empty string and ignore, and continued o its merry way with the next URL it detects.