"), '', $url);
// 使用正则提取纯URL
if (preg_match('/(https?:\/\/[^\s\"\'<>]+)/i', $url, $matches)) {
$url = $matches[1];
}
// 最终过滤和验证
$url = filter_var($url, FILTER_SANITIZE_URL);
if (!preg_match('/^https?:\/\//i', $url)) {
$url = 'http://' . ltrim($url, '/');
}
return rtrim($url, '/');
}
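/**
 * Aggressively clean a text value for CSV export.
 *
 * Entities are decoded before strip_tags() so that entity-encoded markup
 * (e.g. "&lt;script&gt;" or "&#039;") is exposed to the later stripping
 * steps instead of surviving them; ENT_QUOTES is passed explicitly because
 * the pre-8.1 default (ENT_COMPAT) leaves single-quote entities undecoded,
 * which would let a "'" slip past the character filter below.
 * Line breaks, tabs, backslashes, quotes and angle brackets are removed
 * outright. Because the export is meant to be opened in spreadsheet
 * software, a value whose first character is one of "=", "+", "-" or "@"
 * would be evaluated as a formula there; such values are prefixed with a
 * single quote so the cell is treated as literal text (CSV/formula
 * injection guard).
 *
 * @param mixed $text Raw value, typically a DB column; null/ints are tolerated.
 * @return string Cleaned, single-line plain text suitable for fputcsv().
 */
function flm_sanitize_export_text($text) {
    // Cast first: null or ints from the DB would trip the string functions below,
    // and the previous empty() check wrongly dropped the legitimate value "0".
    $text = (string) $text;
    if ($text === '') {
        return '';
    }
    // Decode entities before stripping tags so entity-encoded markup is caught.
    $text = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $text = strip_tags($text);
    $text = str_replace(array("\r", "\n", "\t", "\\", "'", '"', "<", ">"), '', $text);
    $text = sanitize_text_field($text);
    // Checked after sanitize_text_field(), which trims leading whitespace and
    // could otherwise expose a formula trigger as the first character.
    if ($text !== '' && in_array($text[0], array('=', '+', '-', '@'), true)) {
        $text = "'" . $text;
    }
    return $text;
}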
// 管理页面内容
function flm_admin_page() {
global $wpdb;
$table_name = $wpdb->prefix . 'friend_links';
// 显示警告信息
echo '
警告:禁用该插件将删除所有链接数据,请在禁用前导出包含链接的CSV文件!
';
// 处理表单提交
if (isset($_POST['flm_action'])) {
check_admin_referer('flm_nonce');
switch ($_POST['flm_action']) {
case 'add_link':
if (!empty($_POST['name']) && !empty($_POST['url'])) {
$name = sanitize_text_field($_POST['name']);
$url = esc_url_raw($_POST['url']);
$icon = !empty($_POST['icon']) ? esc_url_raw($_POST['icon']) : flm_get_favicon($url);
$existing = $wpdb->get_row($wpdb->prepare(
"SELECT id FROM $table_name WHERE url = %s",
$url
));
if (!$existing) {
$wpdb->insert($table_name, array(
'name' => $name,
'url' => $url,
'icon' => $icon,
'sort_order' => 0
));
echo '';
} else {
echo '';
}
}
break;
case 'update_links':
if (!empty($_POST['link_ids'])) {
foreach ($_POST['link_ids'] as $index => $id) {
$wpdb->update($table_name, array(
'name' => sanitize_text_field($_POST['link_names'][$index]),
'url' => esc_url_raw($_POST['link_urls'][$index]),
'icon' => esc_url_raw($_POST['link_icons'][$index]),
'sort_order' => $index
), array('id' => intval($id)));
}
echo '';
}
break;
case 'delete_link':
if (!empty($_POST['link_id'])) {
$wpdb->delete($table_name, array('id' => intval($_POST['link_id'])));
echo '';
}
break;
case 'export_links':
$links = $wpdb->get_results("SELECT name, url, icon FROM $table_name ORDER BY sort_order ASC");
// 清除所有输出缓冲
while (ob_get_level()) {
ob_end_clean();
}
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename=friend-links-export-' . date('Y-m-d') . '.csv');
header('Pragma: no-cache');
header('Expires: 0');
$output = fopen('php://output', 'w');
// 添加BOM头解决中文乱码
fwrite($output, chr(0xEF).chr(0xBB).chr(0xBF));
// 只写入三列标题
fputcsv($output, array(
'网站名称',
'网站URL',
'图标URL'
));
foreach ($links as $link) {
// 对每列数据应用极端清理
fputcsv($output, array(
flm_sanitize_export_text($link->name),
flm_sanitize_export_url($link->url),
flm_sanitize_export_url($link->icon)
));
}
fclose($output);
exit;
break;
case 'import_links':
if (!empty($_FILES['import_file']['tmp_name'])) {
$file = $_FILES['import_file']['tmp_name'];
$handle = fopen($file, 'r');
$import_count = 0;
$update_count = 0;
$error_count = 0;
// 跳过标题行
fgetcsv($handle);
while (($data = fgetcsv($handle)) !== false) {
if (count($data) < 2 || empty($data[0]) || empty($data[1])) {
$error_count++;
continue;
}
$name = sanitize_text_field($data[0]);
$url = esc_url_raw($data[1]);
$icon = isset($data[2]) ? esc_url_raw($data[2]) : flm_get_favicon($data[1]);
if (!filter_var($url, FILTER_VALIDATE_URL)) {
$error_count++;
continue;
}
if (!empty($name) && !empty($url)) {
$existing = $wpdb->get_row($wpdb->prepare(
"SELECT id FROM $table_name WHERE url = %s",
$url
));
if ($existing) {
$wpdb->update($table_name, array(
'name' => $name,
'icon' => $icon
), array('id' => $existing->id));
$update_count++;
} else {
$wpdb->insert($table_name, array(
'name' => $name,
'url' => $url,
'icon' => $icon,
'sort_order' => 0
));
$import_count++;
}
}
}
fclose($handle);
$message = sprintf(
'导入完成!新增 %d 条链接,更新 %d 条已有链接',
$import_count,
$update_count
);
if ($error_count > 0) {
$message .= sprintf(',跳过 %d 条格式不正确的记录', $error_count);
}
echo '';
}
break;
}
}
// 获取所有链接
$links = $wpdb->get_results("SELECT * FROM $table_name ORDER BY sort_order ASC");
?>
prefix . 'friend_links';
$wpdb->delete($table_name, array('id' => intval($_POST['link_id'])));
wp_send_json_success();
}
wp_send_json_error();
}