From facf3625d0cf6be7c5b454a3dad33c9faf713755 Mon Sep 17 00:00:00 2001
From: ivanviduka <viduka.ivan@gmail.com>
Date: Fri, 3 May 2024 14:25:07 +0200
Subject: [PATCH 1/5] Fixed errors from plugin checker, additional check for
 actions which should be done only by admin

---
 purgely.php                            |  19 +-
 readme.txt                             |   8 +-
 src/classes/api.php                    |   2 +-
 src/classes/edgemodules.php            | 116 ++++++-----
 src/classes/purge-request.php          |   3 -
 src/classes/related-surrogate-keys.php |   1 -
 src/classes/vcl-handler.php            |   6 +-
 src/settings-page.php                  | 272 ++++++++++++++-----------
 src/utils.php                          |  29 +--
 src/wp-cli.php                         |  18 +-
 10 files changed, 267 insertions(+), 207 deletions(-)

diff --git a/purgely.php b/purgely.php
index 9be6cef..a1a2d8a 100644
--- a/purgely.php
+++ b/purgely.php
@@ -4,7 +4,7 @@
 Plugin URI: http://fastly.com/
 Description: Configuration and cache purging for the Fastly CDN.
 Authors: Zack Tollman (github.com/tollmanz), WIRED Tech Team (github.com/CondeNast) & Fastly
-Version: 1.2.25
+Version: 1.2.26
 Author URI: http://fastly.com/
 */
 
@@ -62,7 +62,7 @@ class Purgely
      *
      * @var   string    Plugin version.
      */
-    var $version = '1.2.25';
+    var $version = '1.2.26';
 
     /**
      * Currently installed plugin version.
@@ -190,10 +190,6 @@ public function __construct()
             }
         }
 
-        if (is_admin()) {
-            include $this->src_dir . '/settings-page.php';
-        }
-
         // First install DB schema changes
         $upgrades = new Upgrades($this);
         $upgrades->check_and_run_upgrades();
@@ -248,6 +244,7 @@ public function __construct()
 
         // Load the textdomain.
         add_action('plugins_loaded', array($this, 'load_plugin_textdomain'));
+        add_action('plugins_loaded', array($this, 'load_admin_settings'));
 
         // Load custom JS for EdgeModules
         add_action( 'admin_enqueue_scripts', array($this, 'enqueue_admin_script_edgemodules'));
@@ -370,6 +367,13 @@ public function load_plugin_textdomain()
         load_plugin_textdomain('purgely', false, basename(dirname(__FILE__)) . '/languages/');
     }
 
+    public function load_admin_settings()
+    {
+        if (is_admin()) {
+            include $this->src_dir . '/settings-page.php';
+        }
+    }
+
     /**
      * Initialize Fastly custom cache tags taxonomy
      */
@@ -561,8 +565,7 @@ function fastly_io_pixel_ratios_the_content_filter($content) {
     function fastly_edge_modules() {
         $result = [];
         foreach ( glob( $this->edge_modules_dir . "/*.json" ) as $file ) {
-            if (is_file($file) && $contents = file_get_contents($file)) {
-                $json = json_decode($contents);
+            if (is_file($file) && $json = wp_json_file_decode($file)) {
                 $result[$json->id] = $json;
             }
         }
diff --git a/readme.txt b/readme.txt
index d12409c..f62dbf3 100644
--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: Fastly, Inchoo, CondeNast
 Tags: fastly, cdn, performance, speed, spike, spike-protection, caching, dynamic, comments, ddos
 Requires at least: 4.6.2
-Tested up to: 6.4.2
-Stable tag: trunk
+Tested up to: 6.5.2
+Stable tag: 1.2.26
 License: GPLv2
 
 Integrates Fastly with WordPress publishing tools.
@@ -118,6 +118,10 @@ Note: you may have to disable other caching plugins like W3TotalCache to avoid g
 
 == Changelog ==
 
+= 1.2.26
+
+* Code cleanup, improvements in data sanitization and escaping input
+
 = 1.2.25
 
 * Assignment fix for constants https://github.com/fastly/WordPress-Plugin/pull/99
diff --git a/src/classes/api.php b/src/classes/api.php
index 289f6f2..b81cb30 100644
--- a/src/classes/api.php
+++ b/src/classes/api.php
@@ -204,7 +204,7 @@ public function error_notice()
     {
         ?>
         <div class="error notice">
-            <p><?php _e( $this->error_message); ?></p>
+            <p><?php esc_html( $this->error_message ); ?></p>
         </div>
         <?php
     }
diff --git a/src/classes/edgemodules.php b/src/classes/edgemodules.php
index 8660a8a..b9cfca8 100644
--- a/src/classes/edgemodules.php
+++ b/src/classes/edgemodules.php
@@ -37,8 +37,8 @@ public function renderSettings()
         <div class="wrap">
             <div id="fastly-admin" class="wrap">
                 <h1>
-                    <img alt="fastly" src="<?php echo FASTLY_PLUGIN_URL . 'static/logo_white.gif'; ?>"><br>
-                    <span style="font-size: x-small;">version: <?php echo FASTLY_VERSION; ?></span>
+                    <img alt="fastly" src="<?php echo esc_attr( FASTLY_PLUGIN_URL . 'static/logo_white.gif' ); ?>"><br>
+                    <span style="font-size: x-small;">version: <?php echo esc_html( FASTLY_VERSION ); ?></span>
                 </h1>
             </div>
             Fastly Edge Modules is a framework that allows you to enable specific functionality on Fastly without needing to write any VCL code.
@@ -50,19 +50,20 @@ public function renderSettings()
                 <?php foreach ($modules as $module): ?>
                     <tr>
                         <td>
-                            <strong><?php echo $module->name; ?></strong><br>
+                            <strong><?php echo esc_html( $module->name ); ?></strong><br>
                             <p>
-                                <em><?php echo $module->description; ?></em>
+                                <em><?php echo esc_html( $module->description ); ?></em>
                             </p>
                         </td>
                         <td nowrap="nowrap">
                             <em>
-                                <strong><?php echo (isset($module->enabled) && $module->enabled) ? __('Enabled') : __('Disabled'); ?></strong><br>
-                                Uploaded: <?php echo isset($module->data['uploaded_at']) ? date ( 'Y/m/d' , strtotime($module->data['uploaded_at'])) : __('never'); ?>
+                                <strong><?php echo (isset($module->enabled) && $module->enabled) ? esc_html__('Enabled', 'purgely') : esc_html__('Disabled', 'purgely'); ?></strong><br>
+                                Uploaded: <?php echo isset($module->data['uploaded_at']) ? esc_html( gmdate('Y/m/d' , strtotime($module->data['uploaded_at'] ) ) ) : esc_html__('never', 'purgely'); ?>
                             </em>
                         </td>
                         <td nowrap="nowrap">
-                            <a href="#TB_inline?&width=800&inlineId=fastly-edge-module-<?php echo $module->id; ?>" title="<?php echo $module->name; ?>" class="button thickbox">Manage</a>
+                            <a href="#TB_inline?&width=800&inlineId=fastly-edge-module-<?php echo esc_attr( $module->id ); ?>"
+                               title="<?php echo esc_attr( $module->name ); ?>" class="button thickbox">Manage</a>
                         </td>
                     </tr>
                 <?php endforeach; ?>
@@ -71,15 +72,15 @@ public function renderSettings()
             <span class="spinner" id="html-popup-spinner" style="position: absolute; top:0;left:0;width:100%;height:100%;margin:0; background-color: #fff; background-position:center;"></span>
         </div>
         <?php foreach ($modules as $module): ?>
-        <div id="fastly-edge-module-<?php echo $module->id; ?>"style="display:none;">
+        <div id="fastly-edge-module-<?php echo esc_attr( $module->id ); ?>" style="display:none;">
             <form action="<?php menu_page_url( 'fastly-edge-modules' ) ?>" onsubmit="return EdgeModules.submit(this)" method="post">
-                <input type="hidden" name="nonce" value="<?php echo wp_create_nonce('fastly-edge-modules'); ?>">
-                <input type="hidden" id="<?php echo "{$module->id}-key"; ?>" value='<?php echo $module->id; ?>'>
-                <input type="hidden" id="<?php echo "{$module->id}-vcl"; ?>" value='<?php echo rawurlencode(json_encode($module->vcl)); ?>'>
-                <input type="hidden" id="<?php echo "{$module->id}-snippet"; ?>" name="<?php echo "{$module->id}[snippet]"; ?>">
+                <input type="hidden" name="nonce" value="<?php echo esc_attr( wp_create_nonce('fastly-edge-modules') ); ?>">
+                <input type="hidden" id="<?php echo esc_attr( "$module->id-key" ); ?>" value='<?php echo esc_attr( $module->id ); ?>'>
+                <input type="hidden" id="<?php echo esc_attr( "$module->id-vcl" ); ?>" value='<?php echo rawurlencode( wp_json_encode($module->vcl) ); ?>'>
+                <input type="hidden" id="<?php echo esc_attr( "$module->id-snippet" ); ?>" name="<?php echo esc_attr( "$module->id[snippet]" ); ?>">
                 <table class="form-table">
                     <tbody>
-                    <?php if($module->properties): ?>
+                    <?php if( !empty($module->properties) ): ?>
                         <?php foreach($module->properties as $property): ?>
                             <?php if($property->type === 'group'): ?>
                                 <?php $this->renderGroup($property, (isset($module->data[$property->name])) ? $module->data[$property->name] : null, $module->id); ?>
@@ -93,7 +94,7 @@ public function renderSettings()
                         <tr>
                             <td>
                                 <span class="submitbox">
-                                    <a class="submitdelete" href="#" onclick="return EdgeModules.disableModule('<?php echo $module->id; ?>')">Disable</a>
+                                    <a class="submitdelete" href="#" onclick="return EdgeModules.disableModule('<?php echo esc_attr( $module->id ); ?>')">Disable</a>
                                 </span>
                             </td>
                             <td>
@@ -103,12 +104,12 @@ public function renderSettings()
                     </tfoot>
                 </table>
             </form>
-            <form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" id="<?php echo "{$module->id}-disable-form"; ?>" method="post" style="display: none;">
-                <input type="hidden" name="nonce" value="<?php echo wp_create_nonce('fastly-edge-modules-disable'); ?>">
+            <form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" id="<?php echo esc_attr( "$module->id-disable-form" ); ?>" method="post" style="display: none;">
+                <input type="hidden" name="nonce" value="<?php echo esc_attr( wp_create_nonce('fastly-edge-modules-disable') ); ?>">
                 <input type="hidden" name="action" value="fastly_module_disable_form">
-                <input type="hidden" name="module_name" value='<?php echo $module->id; ?>'>
+                <input type="hidden" name="module_name" value='<?php echo esc_attr( $module->id ); ?>'>
                 <?php for ($i = 0; $i < count($module->vcl); $i++): ?>
-                    <input type="hidden" name="types[<?php echo $i; ?>]" value='<?php echo $module->vcl[$i]->type; ?>'>
+                    <input type="hidden" name="types[<?php echo esc_attr( $i ); ?>]" value='<?php echo esc_attr( $module->vcl[$i]->type ); ?>'>
                 <?php endfor; ?>
             </form>
         </div>
@@ -121,7 +122,7 @@ protected function getModulesWithData()
         $apiData = fastly_api()->get_all_snippets();
         $localData = get_option(self::SETTINGS, []);
         return array_map(function ($module) use ($apiData, $localData) {
-            $module->data = isset($localData[$module->id]) ? $localData[$module->id] : [];
+            $module->data = $localData[$module->id] ?? [];
             $query = self::EDGE_PREFIX.'_'.$module->id;
             foreach ($apiData as $apiModule) {
                 if (substr($apiModule->name, 0, strlen($query)) === $query) {
@@ -141,19 +142,19 @@ protected function renderGroup($group, $values, $suffix)
         <tr>
             <th rowspan="2">
                 <label>
-                    <?php echo __($group->label); ?>
+                    <?php echo esc_html( $group->label ); ?>
                 </label>
             </th>
             <td>
-                <a href="#" title="Add group" class="button" onclick="return EdgeModules.addGroup('<?php echo $suffix; ?>', '<?php echo $name; ?>')">Add group</a>
+                <a href="#" title="Add group" class="button" onclick="return EdgeModules.addGroup('<?php echo esc_attr( $suffix ); ?>', '<?php echo esc_attr( $name ); ?>')">Add group</a>
             </td>
         </tr>
         <tr>
             <td>
-                <?php for ($i = 0; $i < count($values); $i++): ?>
-                    <?php $this->renderGroupProperties($group->properties, $values[$i], "{$name}[$i]", "{$suffix}-{$i}"); ?>
-                <?php endfor; ?>
-                <template id="<?php echo $suffix.'-template'; ?>">
+                <?php foreach ($values as $key => $value): ?>
+                    <?php $this->renderGroupProperties($group->properties, $value, "{$name}[$key]", "{$suffix}-{$key}"); ?>
+                <?php endforeach; ?>
+                <template id="<?php echo esc_attr( "$suffix-template" ); ?>">
                     <?php $this->renderGroupProperties($group->properties, [], "{$name}[x]", 'container'); ?>
                 </template>
             </td>
@@ -164,11 +165,11 @@ protected function renderGroup($group, $values, $suffix)
     protected function renderGroupProperties($properties, $values, $name, $id)
     {
         ?>
-        <div id="<?php echo $id; ?>">
+        <div id="<?php echo esc_attr( $id ); ?>">
             <table class="form-table">
                 <tbody>
                 <?php foreach($properties as $property): ?>
-                    <?php $this->renderProperty($name, $property, $values[$property->name]); ?>
+                    <?php $this->renderProperty($name, $property, $values[$property->name] ?? ""); ?>
                 <?php endforeach; ?>
                 </tbody>
             </table>
@@ -185,13 +186,13 @@ protected function renderProperty($name, $property, $value)
         ?>
         <tr>
             <th>
-                <label for="<?php echo $property->name; ?>">
-                    <?php echo __($property->label); ?>
+                <label for="<?php echo esc_attr( $property->name ); ?>">
+                    <?php echo esc_html( $property->label ); ?>
                 </label>
             </th>
             <td>
-                <?php echo $this->renderField($name, $property, $value); ?>
-                <p><small><em><?php echo $property->description; ?></em></small></p>
+                <?php $this->renderField($name, $property, $value); ?>
+                <p><small><em><?php echo esc_html( $property->description ?? "" ); ?></em></small></p>
             </td>
         </tr>
         <?php
@@ -211,42 +212,49 @@ protected function renderField($name, $property, $value = null)
 
         switch ($property->type) {
             case 'acl':
-                $options = '';
+                echo "<select style='width: 100%;' id=' " . esc_attr($id) . "' name='" . esc_attr($name) . "' " . esc_attr($required) . ">";
                 foreach ($this->getAcls() as $acl) {
                     $selected = $acl->name === $value ? 'selected' : '';
-                    $options .= "<option value='$acl->name' {$selected}>{$acl->name}</option>";
-                };
-                return "<select style='width: 100%;' id='{$id}' name='{$name}' {$required}>{$options}</select>";
+                    echo "<option value='" . esc_attr($acl->name) . "' " . esc_attr($selected) . ">" . esc_html($acl->name) . "</option>";
+                }
+                echo "</select>";
+                break;
             case 'dict':
-                $options = '';
+                echo "<select style='width: 100%;' id=' " . esc_attr($id) . "' name='" . esc_attr($name) . "' " . esc_attr($required) . ">";
                 foreach ($this->getDictionaries() as $dictionary) {
                     $selected = $dictionary->name === $value ? 'selected' : '';
-                    $options .= "<option value='$dictionary->name' {$selected}>{$dictionary->name}</option>";
-                };
-                return "<select style='width: 100%;' id='{$id}' name='{$name}' {$required}>{$options}</select>";
+                    echo "<option value='" . esc_attr($dictionary->name) . "' " . esc_attr($selected) . ">" . esc_html($dictionary->name) . "</option>";
+                }
+                echo "</select>";
+                break;
             case 'select':
-                $options = '';
+                echo "<select style='width: 100%;' id=' " . esc_attr($id) . "' name='" . esc_attr($name) . "' " . esc_attr($required) . ">";
                 foreach ((array) $property->options as $k => $label) {
                     $selected = $k === $value ? 'selected' : '';
-                    $options .= "<option value='{$k}' {$selected}>{$label}</option>";
-                };
-                return "<select style='width: 100%;' id='{$id}' name='{$name}' {$required}>{$options}</select>";
+                    echo "<option value='" . esc_attr($k). "' " . esc_attr($selected) . ">" . esc_html($label) . "</option>";
+
+                }
+                echo "</select>";
+                break;
             case 'boolean':
-                $value = $value === 'true';
-                $options = implode('', [
-                    "<option value='' ".(!$value ? 'selected' : '').">No</option>",
-                    "<option value='1' ".($value ? 'selected' : '').">Yes</option>",
-                ]);
-                return "<select style='width: 100%;' id='{$id}' name='{$name}'>{$options}</select>";
+                echo "<select style='width: 100%;' id=' " . esc_attr($id) . "' name='" . esc_attr($name) . "' " . esc_attr($required) . ">";
+
+                echo"<option value='0' ".(!$value ? 'selected' : '').">No</option>" .
+                    "<option value='1' ".($value ? 'selected' : '').">Yes</option>";
+                echo "</select>";
+                break;
             case 'integer':
             case 'float':
-                $type = 'number';
-                return "<input style='width: 100%;' type='{$type}' id='{$id}' name='{$name}' value='{$value}' {$required}/>";
+                echo "<input style='width: 100%;' type='number' id='" . esc_attr($id) . "' name='" . esc_attr($name) .
+                    "' value='" . esc_attr($value) . "'" .  esc_attr($required) . "/>";
+                break;
             case 'string':
             case 'path':
             default:
-                $type = 'text';
-                return "<input style='width: 100%;' type='{$type}' id='{$id}' name='{$name}' value='{$value}' {$required}/>";
+
+            echo "<input style='width: 100%;' type='text' id='" . esc_attr($id) . "' name='" . esc_attr($name) .
+                "' value='" . esc_attr($value) . "'" .  esc_attr($required) . "/>";
+                break;
         }
     }
 
@@ -294,7 +302,7 @@ public function processFormSubmission($data)
         $currentData = get_option(self::SETTINGS, []);
         $data = array_merge($currentData , array_map(function ($d) {
             unset($d['snippet']);
-            $d['uploaded_at'] = date(DATE_ISO8601);
+            $d['uploaded_at'] = gmdate(DATE_ISO8601);
             return $d;
         }, $data));
         update_option(self::SETTINGS, $data);
diff --git a/src/classes/purge-request.php b/src/classes/purge-request.php
index 4e4b903..94bdae3 100644
--- a/src/classes/purge-request.php
+++ b/src/classes/purge-request.php
@@ -120,13 +120,10 @@ protected function _build_request_uri_for_purge($type)
         switch ($type) {
             case 'key-collection':
                 return trailingslashit($api_endpoint) . 'service/' . $fastly_service_id . '/purge';
-                break;
             case 'url':
                 return $this->get_thing();
-                break;
             case 'all':
                 return trailingslashit($api_endpoint) . 'service/' . $fastly_service_id . '/purge_all';
-                break;
             default :
                 return false;
         }
diff --git a/src/classes/related-surrogate-keys.php b/src/classes/related-surrogate-keys.php
index f8f371e..32dad84 100644
--- a/src/classes/related-surrogate-keys.php
+++ b/src/classes/related-surrogate-keys.php
@@ -157,7 +157,6 @@ public function locate_author_surrogate_key($post_id)
     {
 
         if ($post = $this->get_post($post_id)) {
-            $post->post_author;
             $key = 'a-' . absint($post->post_author);
             $this->_collection[] = $key;
         }
diff --git a/src/classes/vcl-handler.php b/src/classes/vcl-handler.php
index cbc9f64..8b7fec2 100644
--- a/src/classes/vcl-handler.php
+++ b/src/classes/vcl-handler.php
@@ -70,7 +70,7 @@ public function __construct($data)
 
         $connection = test_fastly_api_connection($this->_hostname, $this->_service_id, $this->_api_key);
         if (!$connection['status']) {
-            $this->add_error(__($connection['message']));
+            $this->add_error($connection['message']);
             return;
         }
 
@@ -252,7 +252,9 @@ public function prepare_vcl()
                 }
 
                 if (file_exists($single_vcl_data['vcl_dir'] . DIRECTORY_SEPARATOR . $single_vcl_data['type'] . '.vcl')) {
-                    $single_vcl_data['content'] = file_get_contents($single_vcl_data['vcl_dir'] . DIRECTORY_SEPARATOR . $single_vcl_data['type'] . '.vcl');
+                    global $wp_filesystem;
+                    WP_Filesystem();
+                    $single_vcl_data['content'] = $wp_filesystem->get_contents( ($single_vcl_data['vcl_dir'] . DIRECTORY_SEPARATOR . $single_vcl_data['type'] . '.vcl') );
                     unset($single_vcl_data['vcl_dir']);
                 } else {
                     $this->add_error(__('VCL file does not exist.'));
diff --git a/src/settings-page.php b/src/settings-page.php
index 0aba3cb..f732c83 100644
--- a/src/settings-page.php
+++ b/src/settings-page.php
@@ -47,17 +47,20 @@ public static function instance()
      */
     public function __construct()
     {
-        add_action('admin_menu', array($this, 'add_admin_menu'));
-        add_action('admin_menu', array($this, 'settings_init'));
-        add_action('admin_notices', array($this, 'fastly_admin_notices'));
-        add_action('wp_ajax_test_fastly_connection', array($this, 'test_fastly_connection_callback'));
-        add_action('wp_ajax_fastly_vcl_update_ok', array($this, 'fastly_vcl_update_ok_callback'));
-        add_action('wp_ajax_fastly_html_update_ok', array($this, 'fastly_html_update_ok_callback'));
-        add_action('wp_ajax_fastly_io_update_ok', array($this, 'fastly_io_update_ok_callback'));
-        add_action('wp_ajax_purge_by_url', array($this, 'fastly_purge_by_url_callback'));
-        add_action('wp_ajax_test_fastly_webhooks_connection', array($this, 'test_fastly_webhooks_connection_callback'));
-        add_action('wp_ajax_purge_all', array($this, 'purge_all_callback'));
-        add_action( 'admin_post_fastly_module_disable_form', array($this, 'options_page_edgemodules_submit_disable') );
+
+        if ( current_user_can('administrator') ) {
+            add_action('admin_menu', array($this, 'add_admin_menu'));
+            add_action('admin_menu', array($this, 'settings_init'));
+            add_action('admin_notices', array($this, 'fastly_admin_notices'));
+            add_action('wp_ajax_purge_all', array($this, 'purge_all_callback'));
+            add_action('wp_ajax_test_fastly_connection', array($this, 'test_fastly_connection_callback'));
+            add_action('wp_ajax_fastly_vcl_update_ok', array($this, 'fastly_vcl_update_ok_callback'));
+            add_action('wp_ajax_fastly_html_update_ok', array($this, 'fastly_html_update_ok_callback'));
+            add_action('wp_ajax_fastly_io_update_ok', array($this, 'fastly_io_update_ok_callback'));
+            add_action('wp_ajax_purge_by_url', array($this, 'fastly_purge_by_url_callback'));
+            add_action('wp_ajax_test_fastly_webhooks_connection', array($this, 'test_fastly_webhooks_connection_callback'));
+            add_action( 'admin_post_fastly_module_disable_form', array($this, 'options_page_edgemodules_submit_disable') );
+        }
     }
 
     function fastly_admin_notices()
@@ -218,7 +221,7 @@ function settings_init()
 
         add_settings_field(
             'fastly_test_connection',
-            __('', 'purgely'),
+            '',
             array($this, 'fastly_test_connection_render'),
             'fastly-settings-general',
             'purgely-fastly_settings'
@@ -420,7 +423,7 @@ function settings_init()
 
         add_settings_field(
             'webhooks_test_connection',
-            __('', 'purgely'),
+            '',
             array($this, 'webhooks_test_connection_render'),
             'fastly-settings-webhooks',
             'purgely-webhooks_settings'
@@ -542,7 +545,15 @@ function settings_init()
      */
     public function fastly_settings_newcomers()
     {
-        echo __("New to Fastly? <a href='https://docs.fastly.com/guides/basic-setup/sign-up-and-create-your-first-service' target='_blank'>Sign up and get started!</a>", 'purgely');
+        printf(
+        /* translators: %s: Link to Fastly sign up */
+            esc_html__('New to Fastly? %s', 'purgely'),
+            sprintf(
+                '<a href="%1$s" target="_blank">%2$s</a>',
+                'https://docs.fastly.com/guides/basic-setup/sign-up-and-create-your-first-service',
+                esc_html__('Sign up and get started', 'purgely')
+            )
+        );
     }
 
     /**
@@ -565,12 +576,13 @@ public function fastly_api_key_render()
         $options = Purgely_Settings::get_settings();
         ?>
         <input type='text' name='fastly-settings-general[fastly_api_key]'
-               value='<?php echo esc_attr($options['fastly_api_key']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['fastly_api_key']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <em><strong><?php esc_html_e('Required for surrogate key and full cache purges', 'purgely'); ?></strong></em>
         <p class="description">
             <?php esc_html_e('API token for the Fastly account associated with this site.', 'purgely'); ?>
             <?php
             printf(
+            /* translators: %s: Link to Fastly account management details */
                 esc_html__('Please see Fastly\'s documentation for %s.', 'purgely'),
                 sprintf(
                     '<a href="%1$s" target="_blank">%2$s</a>',
@@ -593,13 +605,14 @@ public function fastly_service_id_render()
         $options = Purgely_Settings::get_settings();
         ?>
         <input type='text' name='fastly-settings-general[fastly_service_id]'
-               value='<?php echo esc_attr($options['fastly_service_id']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['fastly_service_id']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <em><strong><?php esc_html_e('Required for surrogate key and full cache purges', 'purgely'); ?></strong></em>
         <p class="description">
             <?php esc_html_e('Fastly service ID for this site.', 'purgely'); ?>
             <?php
             printf(
-                esc_html__('Please see Fastly\'s documentation for %s.', 'purgely'),
+            /* translators: %s: Link to Fastly account management details */
+            esc_html__('Please see Fastly\'s documentation for %s.', 'purgely'),
                 sprintf(
                     '<a href="%1$s" target="_blank">%2$s</a>',
                     'https://docs.fastly.com/guides/account-management-and-security/finding-and-managing-your-account-info#finding-your-service-id',
@@ -621,7 +634,7 @@ public function fastly_api_hostname_render()
         $options = Purgely_Settings::get_settings();
         ?>
         <input type='text' name='fastly-settings-general[fastly_api_hostname]'
-               value='<?php echo esc_attr($options['fastly_api_hostname']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['fastly_api_hostname']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('API endpoint for this service.', 'purgely'); ?>
         </p>
@@ -636,7 +649,7 @@ public function fastly_api_hostname_render()
     public function fastly_vcl_update_render()
     {
         add_thickbox();
-        $message = __('Make sure you have proper credentials.');
+        $message = __('Make sure you have proper credentials.', 'purgely');
         $service_id = false;
         $vcl = new Vcl_Handler(array());
         $purgely_instance = Purgely::instance();
@@ -644,9 +657,11 @@ public function fastly_vcl_update_render()
 
         if (!is_null($vcl->_last_active_version_num) && !is_null($vcl->_next_cloned_version_num)) {
             $service_id = purgely_get_option('fastly_service_id');
-            $message = __("You are about to clone active version
-                        {$vcl->_last_active_version_num} for service <b>{$service_name}</b>.
-                        We'll upload VCL snippets to version {$vcl->_next_cloned_version_num}");
+            /* translators: %1\$s: current active VCL version, %2\$s: Fastly service name, %3\$s: new VCL version */
+            $message = sprintf(
+                __("You are about to clone active version %1\$s for service \"%2\$s\". We'll make changes to version %3\$s", 'purgely'),
+                $vcl->_last_active_version_num, $service_name, $vcl->_next_cloned_version_num
+            );
         } else {
             $errors = $vcl->get_errors();
             if (!empty($errors)) {
@@ -657,14 +672,14 @@ public function fastly_vcl_update_render()
         ?>
         <div id="vcl-popup-wrapper" style="display:none;">
             <div id="vcl-main-ui" style="relative;">
-                <p style="margin-bottom:0;padding-bottom:0;"><?php echo $message; ?></p>
+                <p style="margin-bottom:0;padding-bottom:0;"><?php echo esc_html( $message ); ?></p>
                 <?php if ($service_id) : ?>
                     <table class="form-table">
                         <tbody>
                         <tr>
                             <th>
                                 <label for="vcl_activate_new">
-                                    <?php echo __('Activate new version'); ?>
+                                    <?php echo esc_html__('Activate new version', 'purgely'); ?>
                                 </label>
                             </th>
                             <td>
@@ -677,16 +692,16 @@ public function fastly_vcl_update_render()
                     <div>
                         <input type="button" id="vcl-update-btn-ok" class="button button-primary"
                                style="margin-right: 1em;" onclick="vcl_step2()"
-                               value="<?php echo __('Save Changes'); ?>"/>
+                               value="<?php echo esc_attr__('Save Changes', 'purgely'); ?>"/>
                         <input type="button" id="vcl-update-btn-cancel" class="button button-secondary" onclick="vcl_step_cancel()"
-                               value="<?php echo __('Cancel'); ?>"/>
+                               value="<?php echo esc_attr__('Cancel', 'purgely'); ?>"/>
                     </div>
                     <span class="spinner" id="vcl-popup-spinner"
                           style="position: absolute; top:0;left:0;width:100%;height:100%;margin:0; background-color: #fff; background-position:center;"></span>
                 <?php else: ?>
                     <p>
                         <input type="button" class="button button-secondary" onclick="vcl_step_cancel()"
-                               value="<?php echo __('Close'); ?>"/>
+                               value="<?php echo esc_attr__('Close', 'purgely'); ?>"/>
                     </p>
                 <?php endif; ?>
             </div>
@@ -696,7 +711,7 @@ public function fastly_vcl_update_render()
                name="Confirm VCL Update" class='button button-secondary thickbox' id="vcl-update-btn">VCL UPDATE</a>
             <em class="description" id="vcl-update-response">
                 <strong style="padding-top: 5px; display: inline-block">
-                    <?php echo __('Make sure to save before proceeding'); ?>
+                    <?php echo esc_html__('Make sure to save before proceeding', 'purgely'); ?>
                 </strong>
             </em>
             <p class="description">
@@ -714,7 +729,7 @@ function vcl_step2() {
                 spinner.toggleClass('is-active');
                 jQuery.ajax({
                     method: 'GET',
-                    url: '<?php echo admin_url('admin-ajax.php'); ?>',
+                    url: '<?php echo esc_url( admin_url('admin-ajax.php') ); ?>',
                     data: {
                         action: 'fastly_vcl_update_ok',
                         activate: activate
@@ -758,7 +773,7 @@ public function fastly_test_connection_render()
         <input type='button' class='button button-secondary' id="test-connection-btn" value="TEST CONNECTION"/>
         <em class="description" id="test-connection-response">
             <strong style="padding-top: 5px; display: inline-block">
-                <?php echo __('Make sure to save before proceeding'); ?>
+                <?php echo esc_html__('Make sure to save before proceeding', 'purgely'); ?>
             </strong>
         </em>
         <script type='text/javascript'>
@@ -766,7 +781,7 @@ public function fastly_test_connection_render()
                 jQuery('#test-connection-btn').click(function () {
                     $.ajax({
                         method: 'GET',
-                        url: '<?php echo admin_url('admin-ajax.php'); ?>',
+                        url: '<?php echo esc_url( admin_url('admin-ajax.php') ); ?>',
                         data: {
                             action: 'test_fastly_connection'
                         },
@@ -800,7 +815,7 @@ public function webhooks_test_connection_render()
         <input type='button' class='button button-secondary' id="test-webhooks-connection-btn" value="TEST CONNECTION"/>
         <em class="description" id="test-connection-response">
             <strong>
-                <?php echo __('Make sure to save before proceeding'); ?>
+                <?php echo esc_html__('Make sure to save before proceeding', 'purgely'); ?>
             </strong>
         </em>
         <script type='text/javascript'>
@@ -808,7 +823,7 @@ public function webhooks_test_connection_render()
                 jQuery('#test-webhooks-connection-btn').click(function () {
                     $.ajax({
                         method: 'GET',
-                        url: '<?php echo admin_url('admin-ajax.php'); ?>',
+                        url: '<?php echo esc_url( admin_url('admin-ajax.php') ); ?>',
                         data: {
                             action: 'test_fastly_webhooks_connection'
                         },
@@ -846,7 +861,7 @@ public function purge_all_render()
                 jQuery('#test-connection-btn').click(function () {
                     $.ajax({
                         method: 'GET',
-                        url: '<?php echo admin_url('admin-ajax.php'); ?>',
+                        url: '<?php echo esc_url( admin_url('admin-ajax.php') ); ?>',
                         data: {
                             action: 'purge_all'
                         },
@@ -879,7 +894,7 @@ function test_fastly_connection_callback()
         $api_key = Purgely_Settings::get_setting('fastly_api_key');
 
         $result = test_fastly_api_connection($hostname, $service_id, $api_key);
-        echo json_encode($result);
+        echo wp_json_encode($result);
 
         die();
     }
@@ -912,12 +927,12 @@ function fastly_vcl_update_ok_callback()
             }
 
             if (is_array($result)) {
-                $result = array('status' => false, 'message' => __($result[0]));
+                $result = array('status' => false, 'message' => $result[0]);
             } else {
                 $result = array('status' => true, 'message' => $message);
             }
         }
-        echo json_encode($result);
+        echo wp_json_encode($result);
         die();
     }
 
@@ -939,7 +954,7 @@ function fastly_html_update_ok_callback()
 
         if(empty($html)) {
             $result = array('status' => false, 'message' => __('Please enter HTML in textarea.'));
-            echo json_encode($result);
+            echo wp_json_encode($result);
             die();
         }
 
@@ -954,12 +969,12 @@ function fastly_html_update_ok_callback()
         }
 
         if (is_array($result)) {
-            $result = array('status' => false, 'message' => __($result[0]));
+            $result = array('status' => false, 'message' => $result[0]);
         } else {
             $result = array('status' => true, 'message' => $message);
         }
 
-        echo json_encode($result);
+        echo wp_json_encode($result);
         die();
     }
 
@@ -987,12 +1002,12 @@ function fastly_io_update_ok_callback()
         }
 
         if (is_array($result)) {
-            $result = array('status' => false, 'message' => __($result[0]));
+            $result = array('status' => false, 'message' => $result[0]);
         } else {
             $result = array('status' => true, 'message' => $message);
         }
 
-        echo json_encode($result);
+        echo wp_json_encode($result);
         die();
     }
 
@@ -1002,20 +1017,29 @@ function fastly_io_update_ok_callback()
     function fastly_purge_by_url_callback()
     {
         $purge_url = $_GET['purge_url'];
-        $url = !empty($purge_url) ? $purge_url : false;
-        $result = array('status' => false, 'message' => __('Enter url you want to purge first.'));
-
-        if ($url) {
-            $purgely = new Purgely_Purge();
-            $response = $purgely->purge(Purgely_Purge::URL, $url);
-            if ($response) {
-                $result = array('status' => true, 'message' => __('Successfully purged!'));
-            } else {
-                $result = array('status' => false, 'message' => __('Error while purging, check logs.'));
-            }
+        $url = !empty($purge_url) ? sanitize_url( $purge_url ) : false;
+
+        if ( empty($url) ) {
+            $result = array('status' => false, 'message' => __('Enter url you want to purge first.'));
+            echo wp_json_encode($result);
+            die();
+        }
+
+        if ( strpos( $url, get_site_url()) !== 0) {
+            $result = array('status' => false, 'message' => __("Selected URL doesn't match site URL"));
+            echo wp_json_encode($result);
+            die();
+        }
+
+        $purgely = new Purgely_Purge();
+        $response = $purgely->purge(Purgely_Purge::URL, $url);
+        if ($response) {
+            $result = array('status' => true, 'message' => __('Successfully purged!'));
+        } else {
+            $result = array('status' => false, 'message' => __('Error while purging, check logs.'));
         }
 
-        echo json_encode($result);
+        echo wp_json_encode($result);
         die();
     }
 
@@ -1025,7 +1049,7 @@ function fastly_purge_by_url_callback()
     function test_fastly_webhooks_connection_callback()
     {
         $result = test_web_hook();
-        echo json_encode($result);
+        echo wp_json_encode($result);
         die();
     }
 
@@ -1036,7 +1060,7 @@ function purge_all_callback()
     {
 
         if (!Purgely_Settings::get_setting('allow_purge_all')) {
-            echo json_encode(array('status' => false, 'message' => __('Allow Full Cache Purges first.')));
+            echo wp_json_encode(array('status' => false, 'message' => __('Allow Full Cache Purges first.')));
             die();
         }
 
@@ -1048,7 +1072,7 @@ function purge_all_callback()
         } else {
             $result = array('status' => false, 'message' => __('Purging failed, check logs!'));
         }
-        echo json_encode($result);
+        echo wp_json_encode($result);
         die();
     }
 
@@ -1072,7 +1096,7 @@ public function surrogate_control_render()
         $options = Purgely_Settings::get_settings();
         ?>
         <input type='text' name='fastly-settings-advanced[surrogate_control_ttl]'
-               value='<?php echo esc_attr($options['surrogate_control_ttl']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['surrogate_control_ttl']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('Sets the "Surrogate-Control" header\'s "max-age" value. It defines the cache duration for all pages on the site.', 'purgely'); ?>
         </p>
@@ -1089,7 +1113,7 @@ public function cache_control_render()
         $options = Purgely_Settings::get_settings();
         ?>
         <input type='text' name='fastly-settings-advanced[cache_control_ttl]'
-               value='<?php echo esc_attr($options['cache_control_ttl']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['cache_control_ttl']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('Sets the "Cache-Control" header\'s "max-age" value. It specifies how long end users/browsers should cache pages. Typically we don\'t want end users caching pages as that may delay users seeing new/changed content.', 'purgely'); ?>
         </p>
@@ -1107,10 +1131,10 @@ public function sitecode_render()
         ?>
         <?php if(is_multisite()) { ?>
         <input type='text' name='notmuch'
-               value='' size="<?php echo self::INPUT_SIZE ?>" readonly >
+               value='' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>" readonly >
         <?php } else { ?>
         <input type='text' name='fastly-settings-advanced[sitecode]'
-               value='<?php echo esc_attr($options['sitecode']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['sitecode']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <?php } ?>
         <p class="description">
         <?php esc_html_e('Prepends sitecode to surrogate keys. Multisite does this automatically. Useful in situations where you have microsite(s) inside a single Fastly service.', 'purgely'); ?>
@@ -1140,7 +1164,8 @@ public function default_purge_type_render()
         <p class="description">
             <?php
             printf(
-                esc_html__('The purge type setting controls the manner in which the cache is purged. Instant purging causes the cached object(s) to be purged immediately. Soft purging causes the origin to revalidate the cache and Fastly will serve stale content until revalidation is completed. For more information, please see %s.', 'purgely'),
+            /* translators: %s Link to Fastly purging documentation*/
+            esc_html__('The purge type setting controls the manner in which the cache is purged. Instant purging causes the cached object(s) to be purged immediately. Soft purging causes the origin to revalidate the cache and Fastly will serve stale content until revalidation is completed. For more information, please see %s.', 'purgely'),
                 sprintf(
                     '<a href="%1$s" target="_blank">%2$s</a>',
                     'https://docs.fastly.com/guides/purging/soft-purges',
@@ -1232,7 +1257,7 @@ public function stale_settings_callback()
      */
     public function fastly_cache_tags_settings_callback()
     {
-        _e("This section allows you to configure fastly cache tags for special purging cases. This should be used only if you have Wordpress configuration where Fastly purging is not working for all cases. <b>Note: default Wordpress tags can be used for this purpose, if you're using them for some custom functionality already, only then use this.</b>", 'purgely');
+        esc_html__("This section allows you to configure fastly cache tags for special purging cases. This should be used only if you have Wordpress configuration where Fastly purging is not working for all cases. <b>Note: default Wordpress tags can be used for this purpose, if you're using them for some custom functionality already, only then use this.</b>", 'purgely');
     }
 
     /**
@@ -1243,7 +1268,7 @@ public function fastly_cache_tags_settings_callback()
     public function fastly_io_main_settings_callback()
     {
 
-        _e("This section allows you to enable Fastly IO options.", 'purgely');
+        esc_html__("This section allows you to enable Fastly IO options.", 'purgely');
     }
 
     /**
@@ -1253,7 +1278,7 @@ public function fastly_io_main_settings_callback()
      */
     public function fastly_io_settings_callback()
     {
-        _e("This section allows you to configure Fastly IO options inside Wordpress. Turning them on will rewrite HTML.", 'purgely');
+        esc_html__("This section allows you to configure Fastly IO options inside Wordpress. Turning them on will rewrite HTML.", 'purgely');
     }
 
     /**
@@ -1263,7 +1288,7 @@ public function fastly_io_settings_callback()
      */
     public function fastly_io_settings_disabled_callback()
     {
-        _e("Image Optimization feature is a separately priced feature. Please contact your sales rep about pricing or send an email to support@fastly.com if you believe it should have already been enabled on your account.", 'purgely');
+        esc_html__("Image Optimization feature is a separately priced feature. Please contact your sales rep about pricing or send an email to support@fastly.com if you believe it should have already been enabled on your account.", 'purgely');
     }
 
     /**
@@ -1304,7 +1329,8 @@ public function enable_stale_while_revalidate_render()
         <p class="description">
             <?php
             printf(
-                esc_html__('Toggle "stale while revalidate" behavior. The stale while revalidate behavior allows stale content to be served while content is regenerated in the background. Please see %s', 'purgely'),
+            /* translators: %s: Link to Fastly documentation */
+            esc_html__('Toggle "stale while revalidate" behavior. The stale while revalidate behavior allows stale content to be served while content is regenerated in the background. Please see %s', 'purgely'),
                 sprintf(
                     '<a href="%1$s" target="_blank">%2$s</a>',
                     'https://www.fastly.com/blog/stale-while-revalidate',
@@ -1327,7 +1353,7 @@ public function stale_while_revalidate_ttl_render()
         ?>
         <input type='text' name='fastly-settings-advanced[stale_while_revalidate_ttl]'
                value='<?php echo esc_attr($options['stale_while_revalidate_ttl']); ?>'
-               size="<?php echo self::INPUT_SIZE ?>">
+               size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('Determines the amount of time that Fastly is allowed to serve stale content while new content is generated.', 'purgely'); ?>
         </p>
@@ -1352,7 +1378,8 @@ public function enable_stale_if_error_render()
         <p class="description">
             <?php
             printf(
-                esc_html__('Toggle "stale if error" behavior. The stale if error behavior allows stale content to be served while the origin is returning an error state. Please see %s', 'purgely'),
+            /* translators: %s: Link to Fastly documentation */
+            esc_html__('Toggle "stale if error" behavior. The stale if error behavior allows stale content to be served while the origin is returning an error state. Please see %s', 'purgely'),
                 sprintf(
                     '<a href="%1$s" target="_blank">%2$s</a>',
                     'https://www.fastly.com/blog/stale-while-revalidate',
@@ -1374,7 +1401,7 @@ public function stale_if_error_ttl_render()
         $options = Purgely_Settings::get_settings();
         ?>
         <input type='text' name='fastly-settings-advanced[stale_if_error_ttl]'
-               value='<?php echo esc_attr($options['stale_if_error_ttl']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['stale_if_error_ttl']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('Determines the amount of time Fastly is allowed to serve stale content while the origin is returning an error state.', 'purgely'); ?>
         </p>
@@ -1418,7 +1445,7 @@ public function use_fastly_cache_tags_for_custom_post_type_render()
                name='fastly-settings-advanced[use_fastly_cache_tags_for_custom_post_type]' <?php checked(isset($options['use_fastly_cache_tags_for_custom_post_type']) && false === $options['use_fastly_cache_tags_for_custom_post_type']); ?>
                value='false'>No
         <p class="description">
-            <?php _e("Use Fastly Cache Tags on custom post types. <b>Activate only if you have custom post types registered.</b>", 'purgely'); ?>
+            <?php esc_html__("Use Fastly Cache Tags on custom post types. <b>Activate only if you have custom post types registered.</b>", 'purgely'); ?>
         </p>
         <?php
     }
@@ -1434,7 +1461,7 @@ public function always_purged_keys_render()
         ?>
         <input type='text' name='fastly-settings-advanced[always_purged_keys]'
                value='<?php echo esc_attr($options['always_purged_keys']); ?>'
-               size="<?php echo self::INPUT_SIZE ?>">
+               size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('Separate keys that will always be purged by comma (Emergency usage only).', 'purgely'); ?>
             <?php esc_html_e('Example: t-24,t-67 will purge posts with IDs 24 and 67', 'purgely'); ?>
@@ -1453,9 +1480,9 @@ public function purge_by_url_render()
         <span class="spinner" id="vcl-popup-spinner"
               style="position: absolute; top:0;left:0;width:100%;height:100%;margin:0; background-color: #fff; background-position:center;"></span>
         <input type='text' id="purge_by_url" name='purge_by_url'
-               placeholder="<?php echo __('https://example.com/test'); ?>" value=''
-               size="<?php echo self::INPUT_SIZE ?>">
-        <input type="button" class="button button-secondary" id="purge-by-url" value="<?php echo __('Purge URL'); ?>">
+               placeholder="<?php echo esc_url('https://example.com/test'); ?>" value=''
+               size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
+        <input type="button" class="button button-secondary" id="purge-by-url" value="<?php echo esc_attr__('Purge URL', 'purgely'); ?>">
         <p id="purge-by-url-status"></p>
         <p class="description">
             <?php esc_html_e('Paste the url you want to purge and click Purge URL button', 'purgely'); ?>
@@ -1470,7 +1497,7 @@ public function purge_by_url_render()
 
                     $.ajax({
                         method: 'GET',
-                        url: '<?php echo admin_url('admin-ajax.php'); ?>',
+                        url: '<?php echo esc_url( admin_url('admin-ajax.php') ); ?>',
                         data: {
                             action: 'purge_by_url',
                             purge_url: purge_url_value
@@ -1498,7 +1525,7 @@ public function webhooks_url_endpoint_render()
         $options = Purgely_Settings::get_settings();
         ?>
         <input type='text' name='fastly-settings-webhooks[webhooks_url_endpoint]'
-               value='<?php echo esc_attr($options['webhooks_url_endpoint']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['webhooks_url_endpoint']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('Slack URL endpoint.', 'purgely'); ?>
         </p>
@@ -1515,7 +1542,7 @@ public function webhooks_username_render()
         $options = Purgely_Settings::get_settings();
         ?>
         <input type='text' name='fastly-settings-webhooks[webhooks_username]'
-               value='<?php echo esc_attr($options['webhooks_username']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+               value='<?php echo esc_attr($options['webhooks_username']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('Slack username.', 'purgely'); ?>
         </p>
@@ -1539,9 +1566,11 @@ public function maintenance_update_html_render()
 
         if (!is_null($vcl->_last_active_version_num) && !is_null($vcl->_next_cloned_version_num)) {
             $service_id = purgely_get_option('fastly_service_id');
-            $message = __("You are about to clone active version
-                        {$vcl->_last_active_version_num} for service <b>{$service_name}</b>.
-                        We'll make changes to version {$vcl->_next_cloned_version_num}");
+            /* translators: %1\$s: current active VCL version, %2\$s: Fastly service name, %3\$s: new VCL version */
+            $message = sprintf(
+                    __("You are about to clone active version %1\$s for service \"%2\$s\". We'll make changes to version %3\$s", 'purgely'),
+                $vcl->_last_active_version_num, $service_name, $vcl->_next_cloned_version_num)
+            ;
         } else {
             $errors = $vcl->get_errors();
             if (!empty($errors)) {
@@ -1552,14 +1581,14 @@ public function maintenance_update_html_render()
         ?>
         <div id="maintenance-html-popup-wrapper" style="display:none;">
             <div id="html-main-ui" style="relative;">
-                <p style="margin-bottom:0;padding-bottom:0;"><?php echo $message; ?></p>
+                <p style="margin-bottom:0;padding-bottom:0;"><?php echo esc_html( $message ); ?></p>
                 <?php if ($service_id) : ?>
                     <table class="form-table">
                         <tbody>
                         <tr>
                             <th>
                                 <label for="html_activate_new">
-                                    <?php echo __('Activate new version'); ?>
+                                    <?php echo esc_html__('Activate new version', 'purgely'); ?>
                                 </label>
                             </th>
                             <td>
@@ -1569,9 +1598,13 @@ public function maintenance_update_html_render()
                         <tr>
                             <td colspan="2">
                                 <label for="maintenance-html-update">
-                                    <strong><?php echo __('Maintenance/Error page HTML'); ?></strong>
+                                    <strong><?php echo esc_html__('Maintenance/Error page HTML', 'purgely'); ?></strong>
                                 </label>
-                                <textarea name="maintenance-html-update" id="maintenance-html-update" rows="<?php echo self::INPUT_TEXTAREA_ROWS ?>" cols="<?php echo self::INPUT_TEXTAREA_COLS ?>"><?php echo $html ?></textarea>
+                                <textarea name="maintenance-html-update" id="maintenance-html-update"
+                                          rows="<?php echo esc_attr( self::INPUT_TEXTAREA_ROWS  )?>"
+                                          cols="<?php echo esc_attr( self::INPUT_TEXTAREA_COLS  )?>">
+                                    <?php echo esc_html( $html ) ?>
+                                </textarea>
                             </td>
                         </tr>
                         </tbody>
@@ -1580,15 +1613,15 @@ public function maintenance_update_html_render()
                     <div>
                         <input type="button" id="html-update-btn-ok" class="button button-primary"
                                style="margin-right: 1em;" onclick="vcl_step2()"
-                               value="<?php echo __('Save Changes'); ?>"/>
+                               value="<?php echo esc_html__('Save Changes', 'purgely'); ?>"/>
                         <input type="button" id="html-update-btn-cancel" class="button button-secondary" onclick="vcl_step_cancel()"
-                               value="<?php echo __('Cancel'); ?>"/>
+                               value="<?php echo esc_html__('Cancel', 'purgely'); ?>"/>
                     </div>
                     <span class="spinner" id="html-popup-spinner" style="position: absolute; top:0;left:0;width:100%;height:100%;margin:0; background-color: #fff; background-position:center;"></span>
                 <?php else: ?>
                     <p>
                         <input type="button" class="button button-secondary" onclick="vcl_step_cancel()"
-                               value="<?php echo __('Close'); ?>"/>
+                               value="<?php echo esc_html__('Close', 'purgely'); ?>"/>
                     </p>
                 <?php endif; ?>
             </div>
@@ -1598,7 +1631,7 @@ public function maintenance_update_html_render()
                name="Confirm HTML Update" class='button button-secondary thickbox' id="html-update-btn">SET HTML</a>
             <em class="description" id="html-update-response">
                 <strong style="padding-top: 5px; display: inline-block">
-                    <?php echo __('Make sure to have valid credentials before proceeding.'); ?>
+                    <?php echo esc_html__('Make sure to have valid credentials before proceeding.', 'purgely'); ?>
                 </strong>
             </em>
         </div>
@@ -1614,7 +1647,7 @@ function vcl_step2() {
                 spinner_html.toggleClass('is-active');
                 jQuery.ajax({
                     method: 'GET',
-                    url: '<?php echo admin_url('admin-ajax.php'); ?>',
+                    url: '<?php echo esc_url( admin_url('admin-ajax.php') ); ?>',
                     data: {
                         action: 'fastly_html_update_ok',
                         activate: activate,
@@ -1657,9 +1690,11 @@ public function image_optimization_update_renderer()
 
         if (!is_null($vcl->_last_active_version_num) && !is_null($vcl->_next_cloned_version_num)) {
             $service_id = purgely_get_option('fastly_service_id');
-            $message = __("You are about to clone active version
-                        {$vcl->_last_active_version_num} for service <b>{$service_name}</b>.
-                        We'll make changes to version {$vcl->_next_cloned_version_num}");
+            /* translators: %1\$s: current active VCL version, %2\$s: Fastly service name, %3\$s: new VCL version */
+            $message = sprintf(
+                __("You are about to clone active version %1\$s for service \"%2\$s\". We'll make changes to version %3\$s", 'purgely'),
+                $vcl->_last_active_version_num, $service_name, $vcl->_next_cloned_version_num)
+            ;
         } else {
             $errors = $vcl->get_errors();
             if (!empty($errors)) {
@@ -1670,14 +1705,14 @@ public function image_optimization_update_renderer()
         ?>
         <div id="io-popup-wrapper" style="display:none;">
             <div id="io-main-ui" style="relative;">
-                <p style="margin-bottom:0;padding-bottom:0;"><?php echo $message; ?></p>
+                <p style="margin-bottom:0;padding-bottom:0;"><?php echo esc_html( $message ); ?></p>
                 <?php if ($service_id) : ?>
                     <table class="form-table">
                         <tbody>
                         <tr>
                             <th>
                                 <label for="io_activate_new">
-                                    <?php echo __('Activate new version'); ?>
+                                    <?php echo esc_html__('Activate new version', 'purgely'); ?>
                                 </label>
                             </th>
                             <td>
@@ -1690,25 +1725,29 @@ public function image_optimization_update_renderer()
                     <div>
                         <input type="button" id="io-update-btn-ok" class="button button-primary"
                                style="margin-right: 1em;" onclick="vcl_step3()"
-                               value="<?php echo __('Save Changes'); ?>"/>
+                               value="<?php echo esc_html__('Save Changes', 'purgely'); ?>"/>
                         <input type="button" id="io-update-btn-cancel" class="button button-secondary" onclick="vcl_step_cancel()"
-                               value="<?php echo __('Cancel'); ?>"/>
+                               value="<?php echo esc_html__('Cancel', 'purgely'); ?>"/>
                     </div>
                     <span class="spinner" id="io-popup-spinner" style="position: absolute; top:0;left:0;width:100%;height:100%;margin:0; background-color: #fff; background-position:center;"></span>
                 <?php else: ?>
                     <p>
                         <input type="button" class="button button-secondary" onclick="vcl_step_cancel()"
-                               value="<?php echo __('Close'); ?>"/>
+                               value="<?php echo esc_html__('Close', 'purgely'); ?>"/>
                     </p>
                 <?php endif; ?>
             </div>
         </div>
         <div id="io-wrapper">
             <a href="#TB_inline?&inlineId=io-popup-wrapper&<?php if ($service_id) : ?>width=700&height=400<?php else : ?>width=320&height=120<?php endif; ?>"
-               name="Confirm Image Optimization Update" class='button button-secondary thickbox' id="io-update-btn"><?php echo $io_enabled_label; ?></a>
+               name="Confirm Image Optimization Update"
+               class='button button-secondary thickbox'
+               id="io-update-btn">
+                <?php echo esc_html( $io_enabled_label ); ?>
+            </a>
             <em class="description" id="io-update-response">
                 <strong style="padding-top: 5px; display: inline-block">
-                    <?php echo __('Click to change.'); ?>
+                    <?php echo esc_html__('Click to change.', 'purgely'); ?>
                 </strong>
             </em>
         </div>
@@ -1726,7 +1765,7 @@ function vcl_step3() {
                 spinner_io.toggleClass('is-active');
                 jQuery.ajax({
                     method: 'GET',
-                    url: '<?php echo admin_url('admin-ajax.php'); ?>',
+                    url: '<?php echo esc_url( admin_url('admin-ajax.php') ); ?>',
                     data: {
                         action: 'fastly_io_update_ok',
                         activate: activate,
@@ -1737,7 +1776,7 @@ function vcl_step3() {
                         jQuery('#io-update-btn-ok').hide();
                         if(response.status) {
                             var vcl_btn_label = document.getElementById('io-update-btn');
-                            vcl_btn_label.innerHTML = "<?php echo $io_enabled_label_after; ?>";
+                            vcl_btn_label.innerHTML = "<?php echo esc_html( $io_enabled_label_after ); ?>";
                         }
                         vcl_response_msg_io.innerHTML = "<strong>" + response.message + "</strong>";
                     },
@@ -1766,10 +1805,11 @@ public function custom_ttl_templates_render()
         $data = isset($options['custom_ttl_templates']) ? $options['custom_ttl_templates'] : array();
         ?>
         <?php foreach($template_types as $type): ?>
-        <?php $value = isset($data[$type]) ? $data[$type] : ''; ?>
+        <?php $value = $data[$type] ?? ''; ?>
         <div>
-            <input type='text' value='<?php echo $type; ?>' disabled>
-            <input type='text' name='fastly-settings-advanced[custom_ttl_templates][<?php echo $type; ?>]' value='<?php echo $value; ?>'>
+            <input type='text' value='<?php echo esc_attr( $type ); ?>' disabled>
+            <input type='text' name='fastly-settings-advanced[custom_ttl_templates][<?php echo esc_attr( $type ); ?>]'
+                   value='<?php echo esc_attr( $value ); ?>'>
         </div>
         <?php endforeach; ?>
         <p class="description">
@@ -1854,9 +1894,9 @@ public function fastly_io_adaptive_pixel_sizes()
         <select name="fastly-settings-io[io_adaptive_pixel_ratio_sizes][]" multiple>
             <?php foreach(Purgely_Settings::POSSIBLE_PIXEL_RATIOS as $ratio): ?>
                 <?php if(in_array($ratio, $sizes)) : ?>
-                    <option selected value="<?php echo $ratio; ?>"><?php echo $ratio; ?></option>
+                    <option selected value="<?php echo esc_attr( $ratio ); ?>"><?php echo esc_html( $ratio ); ?></option>
                 <?php else : ?>
-                    <option value="<?php echo $ratio; ?>"><?php echo $ratio; ?></option>
+                    <option value="<?php echo esc_attr( $ratio ); ?>"><?php echo esc_html( $ratio ); ?></option>
                 <?php endif; ?>
             <?php endforeach; ?>
         </select>
@@ -1877,7 +1917,7 @@ public function webhooks_channel_render()
         $options = Purgely_Settings::get_settings();
         ?>
         #<input type='text' name='fastly-settings-webhooks[webhooks_channel]'
-                value='<?php echo esc_attr($options['webhooks_channel']); ?>' size="<?php echo self::INPUT_SIZE ?>">
+                value='<?php echo esc_attr($options['webhooks_channel']); ?>' size="<?php echo esc_attr( self::INPUT_SIZE ) ?>">
         <p class="description">
             <?php esc_html_e('Slack channel.', 'purgely'); ?>
         </p>
@@ -1916,8 +1956,8 @@ public function options_page()
         <div class="wrap">
             <form action='options.php' method='post'>
                 <div id="fastly-admin" class="wrap">
-                    <h1><img alt="fastly" src="<?php echo FASTLY_PLUGIN_URL . 'static/logo_white.gif'; ?>"><br><span
-                                style="font-size: x-small;">version: <?php echo FASTLY_VERSION; ?></span></h1>
+                    <h1><img alt="fastly" src="<?php echo esc_attr( FASTLY_PLUGIN_URL . 'static/logo_white.gif' ); ?>"><br><span
+                                style="font-size: x-small;">version: <?php echo esc_html( FASTLY_VERSION ); ?></span></h1>
                 </div>
                 <?php
                 settings_fields('fastly-settings-general');
@@ -1940,8 +1980,8 @@ public function options_page_advanced()
         <div class="wrap">
             <form action='options.php' method='post'>
                 <div id="fastly-admin" class="wrap">
-                    <h1><img alt="fastly" src="<?php echo FASTLY_PLUGIN_URL . 'static/logo_white.gif'; ?>"><br><span
-                                style="font-size: x-small;">version: <?php echo FASTLY_VERSION; ?></span></h1>
+                    <h1><img alt="fastly" src="<?php echo esc_attr( FASTLY_PLUGIN_URL . 'static/logo_white.gif' ); ?>"><br><span
+                                style="font-size: x-small;">version: <?php echo esc_html( FASTLY_VERSION ); ?></span></h1>
                 </div>
                 <?php
                 settings_fields('fastly-settings-advanced');
@@ -1964,8 +2004,8 @@ public function options_page_webhooks()
         <div class="wrap">
             <form action='options.php' method='post'>
                 <div id="fastly-admin" class="wrap">
-                    <h1><img alt="fastly" src="<?php echo FASTLY_PLUGIN_URL . 'static/logo_white.gif'; ?>"><br><span
-                                style="font-size: x-small;">version: <?php echo FASTLY_VERSION; ?></span></h1>
+                    <h1><img alt="fastly" src="<?php echo esc_attr( FASTLY_PLUGIN_URL . 'static/logo_white.gif' ); ?>"><br><span
+                                style="font-size: x-small;">version: <?php echo esc_html( FASTLY_VERSION ); ?></span></h1>
                 </div>
                 <?php
                 settings_fields('fastly-settings-webhooks');
@@ -1988,8 +2028,8 @@ public function options_page_io()
         <div class="wrap">
             <form action='options.php' method='post'>
                 <div id="fastly-admin" class="wrap">
-                    <h1><img alt="fastly" src="<?php echo FASTLY_PLUGIN_URL . 'static/logo_white.gif'; ?>"><br><span
-                                style="font-size: x-small;">version: <?php echo FASTLY_VERSION; ?></span></h1>
+                    <h1><img alt="fastly" src="<?php echo esc_attr( FASTLY_PLUGIN_URL . 'static/logo_white.gif' ); ?>"><br><span
+                                style="font-size: x-small;">version: <?php echo esc_html( FASTLY_VERSION ); ?></span></h1>
                 </div>
                 <?php
                 settings_fields('fastly-settings-io');
diff --git a/src/utils.php b/src/utils.php
index 33cc621..7bb946e 100644
--- a/src/utils.php
+++ b/src/utils.php
@@ -147,7 +147,7 @@ function test_fastly_api_connection($hostname, $service_id, $api_key)
 {
 
     if (empty($hostname) || empty($service_id) || empty($api_key)) {
-        return array('status' => false, 'message' => __('Please enter credentials first'));
+        return array('status' => false, 'message' => __('Please enter credentials first', 'purgely'));
     }
 
     $url = trailingslashit($hostname) . 'service/' . $service_id;
@@ -164,7 +164,8 @@ function test_fastly_api_connection($hostname, $service_id, $api_key)
                 $response_body = json_decode($response->body);
                 $service_name = $response_body->name;
                 $purgely_instance->service_name = $service_name;
-                $message = __('Connection Successful on service *' . $service_name . "*");
+                /* translators: %s: Name of the Fastly service for which we have tested connection */
+                $message = sprintf(__('Connection Successful on service *%s*', 'purgely'), $service_name);
             } else {
                 handle_logging($response);
                 $message = json_decode($response->body);
@@ -194,7 +195,7 @@ function send_web_hook($message)
     $channel = Purgely_Settings::get_setting('webhooks_channel');
 
     $headers = array('Content-type: application/json');
-    $data = json_encode(
+    $data = wp_json_encode(
         array(
             'text' => $message,
             'username' => $username,
@@ -227,7 +228,7 @@ function test_web_hook()
     $channel = Purgely_Settings::get_setting('webhooks_channel');
 
     $headers = array('Content-type: application/json');
-    $data = json_encode(
+    $data = wp_json_encode(
         array(
             'text' => 'Webhook connection successful!',
             'username' => $username,
@@ -238,7 +239,7 @@ function test_web_hook()
 
     try {
         $response = Requests::request($webhook_url, $headers, $data, Requests::POST);
-        $message = $response->success ? __('Connection Successful!') : __($response->body);
+        $message = $response->success ? __('Connection Successful!', 'purgely') : $response->body;
 
         if (Purgely_Settings::get_setting('fastly_debug_mode')) {
             error_log('Webhooks - test connection: ' . $response->body);
@@ -299,31 +300,31 @@ function get_message_by_status_code($code)
 {
     switch ($code) {
         case 200:
-            $msg = __($code . ' - OK');
+            $msg = '200 - OK';
             break;
         case 203:
-            $msg = __($code . ' - Non-Authoritative Information');
+            $msg = '203 - Non-Authoritative Information';
             break;
         case 300:
-            $msg = __($code . ' - Multiple Choices');
+            $msg = '300 - Multiple Choices';
             break;
         case 301:
-            $msg = __($code . ' - Moved Permanently');
+            $msg = '301 - Moved Permanently';
             break;
         case 302:
-            $msg = __($code . ' - Moved Temporarily');
+            $msg = '302 - Moved Temporarily';
             break;
         case 401:
-            $msg = __($code . ' - Unauthorized');
+            $msg = '401 - Unauthorized';
             break;
         case 404:
-            $msg = __($code . ' - Not Found');
+            $msg = '404 - Not Found';
             break;
         case 410:
-            $msg = __($code . ' - Gone');
+            $msg = '410 - Gone';
             break;
         default:
-            $msg = __('Error occurred, turn on debugging options and check your logs.');
+            $msg = __('Error occurred, turn on debugging options and check your logs.', 'purgely');
             break;
     }
     return $msg;
diff --git a/src/wp-cli.php b/src/wp-cli.php
index 47d4722..55ab6ce 100644
--- a/src/wp-cli.php
+++ b/src/wp-cli.php
@@ -84,8 +84,10 @@ public function purge($args)
             }
 
             if ($result) {
+                /* translators: %s: information which parameter was purged - all sites, selected post or specific url */
                 WP_CLI::success(sprintf(__('Successfully purged - %s', 'purgely'), $message));
             } else {
+                /* translators: %s: information for which parameter purge was attempted - all sites, selected post or specific url */
                 WP_CLI::error(sprintf(__('Purge failed - %s - (enable and check logging for more information)'), $message));
             }
         }
@@ -110,7 +112,7 @@ public function configset($args)
                 $message .= "\nTo list options from certain section run: $msg";
                 $msg = $this->_color('green', '{true|false}');
                 $message .= "\nFor yes/no configuration options use : $msg";
-                WP_CLI::error(sprintf(__($message, 'purgely')));
+                WP_CLI::error($message, 'purgely');
                 return;
             }
 
@@ -157,11 +159,12 @@ public function configset($args)
             if(update_option($section, $settings_list)) {
                 $config_option = $this->_color('gold', $config_option);
                 $config_value = $this->_color('red', $config_value);
+                /* translators: %1\$s: option which is updated, %2\$s: value to which option is set */
                 WP_CLI::success(sprintf(__(
-                "Successfully saved $config_option option in configuration with value $config_value", 'purgely'))
+                "Successfully saved %1\$s option in configuration with value %2\$s", 'purgely'), $config_option, $config_value)
                 );
             } else {
-                WP_CLI::error(sprintf(__('Failed to save option. Please update value.', 'purgely')));
+                WP_CLI::error(__('Failed to save option. Please update value.', 'purgely'));
             }
         }
 
@@ -176,7 +179,8 @@ public function configlist($args)
             if(!$conf_list) {
                 $msg = $this->_color('gold', 'wp fastly configlist {general|advanced|webhooks}');
 
-                WP_CLI::error(sprintf(__("Usage: {$msg}", 'purgely')));
+                /* translators: %s: configlist message */
+                WP_CLI::error(sprintf(__("Usage: %s", 'purgely'), $msg));
                 return;
             }
 
@@ -195,12 +199,14 @@ public function configlist($args)
 
                     $key = $this->_color('gold', $key);
                     $value = $this->_color('red', $value);
-                    echo "\n $key = $value\n";
+                    /* translators: %1\$s: name of current setting, %2\$s: value of a setting */
+                    WP_CLI::line( sprintf( __( "Setting %1\$s = %2\$s", 'purgely' ), $key, $value ) );
                 }
                 return;
             }
             $msg = $this->_color('gold', 'wp fastly configlist {general|advanced|webhooks}');
-            WP_CLI::error(sprintf(__("Invalid config list selected. Usage: {$msg}", 'purgely')));
+            /* translators: %s: configlist message */
+            WP_CLI::error(sprintf(__("Invalid config list selected. Usage: %s", 'purgely'), $msg));
             return;
         }
 

From c51dc32d432b06f73fae48fe1d84b6b2776e7623 Mon Sep 17 00:00:00 2001
From: ivanviduka <viduka.ivan@gmail.com>
Date: Fri, 3 May 2024 14:38:36 +0200
Subject: [PATCH 2/5] Changed output function for correct display

---
 src/settings-page.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/settings-page.php b/src/settings-page.php
index f732c83..d48bc75 100644
--- a/src/settings-page.php
+++ b/src/settings-page.php
@@ -1257,7 +1257,7 @@ public function stale_settings_callback()
      */
     public function fastly_cache_tags_settings_callback()
     {
-        esc_html__("This section allows you to configure fastly cache tags for special purging cases. This should be used only if you have Wordpress configuration where Fastly purging is not working for all cases. <b>Note: default Wordpress tags can be used for this purpose, if you're using them for some custom functionality already, only then use this.</b>", 'purgely');
+        esc_html_e("This section allows you to configure fastly cache tags for special purging cases. This should be used only if you have Wordpress configuration where Fastly purging is not working for all cases. <b>Note: default Wordpress tags can be used for this purpose, if you're using them for some custom functionality already, only then use this.</b>", 'purgely');
     }
 
     /**
@@ -1268,7 +1268,7 @@ public function fastly_cache_tags_settings_callback()
     public function fastly_io_main_settings_callback()
     {
 
-        esc_html__("This section allows you to enable Fastly IO options.", 'purgely');
+        esc_html_e("This section allows you to enable Fastly IO options.", 'purgely');
     }
 
     /**
@@ -1278,7 +1278,7 @@ public function fastly_io_main_settings_callback()
      */
     public function fastly_io_settings_callback()
     {
-        esc_html__("This section allows you to configure Fastly IO options inside Wordpress. Turning them on will rewrite HTML.", 'purgely');
+        esc_html_e("This section allows you to configure Fastly IO options inside Wordpress. Turning them on will rewrite HTML.", 'purgely');
     }
 
     /**
@@ -1288,7 +1288,7 @@ public function fastly_io_settings_callback()
      */
     public function fastly_io_settings_disabled_callback()
     {
-        esc_html__("Image Optimization feature is a separately priced feature. Please contact your sales rep about pricing or send an email to support@fastly.com if you believe it should have already been enabled on your account.", 'purgely');
+        esc_html_e("Image Optimization feature is a separately priced feature. Please contact your sales rep about pricing or send an email to support@fastly.com if you believe it should have already been enabled on your account.", 'purgely');
     }
 
     /**
@@ -1445,7 +1445,7 @@ public function use_fastly_cache_tags_for_custom_post_type_render()
                name='fastly-settings-advanced[use_fastly_cache_tags_for_custom_post_type]' <?php checked(isset($options['use_fastly_cache_tags_for_custom_post_type']) && false === $options['use_fastly_cache_tags_for_custom_post_type']); ?>
                value='false'>No
         <p class="description">
-            <?php esc_html__("Use Fastly Cache Tags on custom post types. <b>Activate only if you have custom post types registered.</b>", 'purgely'); ?>
+            <?php esc_html_e("Use Fastly Cache Tags on custom post types. <b>Activate only if you have custom post types registered.</b>", 'purgely'); ?>
         </p>
         <?php
     }

From b37146fc0ed12bcf822b22289da78a58ae403006 Mon Sep 17 00:00:00 2001
From: ivanviduka <viduka.ivan@gmail.com>
Date: Fri, 3 May 2024 14:53:25 +0200
Subject: [PATCH 3/5] Remove whitespace from textarea

---
 src/settings-page.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/settings-page.php b/src/settings-page.php
index d48bc75..6026f1d 100644
--- a/src/settings-page.php
+++ b/src/settings-page.php
@@ -1602,9 +1602,7 @@ public function maintenance_update_html_render()
                                 </label>
                                 <textarea name="maintenance-html-update" id="maintenance-html-update"
                                           rows="<?php echo esc_attr( self::INPUT_TEXTAREA_ROWS  )?>"
-                                          cols="<?php echo esc_attr( self::INPUT_TEXTAREA_COLS  )?>">
-                                    <?php echo esc_html( $html ) ?>
-                                </textarea>
+                                          cols="<?php echo esc_attr( self::INPUT_TEXTAREA_COLS  )?>"><?php echo esc_html( $html ) ?></textarea>
                             </td>
                         </tr>
                         </tbody>

From 638237a85c6f8848330bc340d2e5305752130d1e Mon Sep 17 00:00:00 2001
From: ivanviduka <viduka.ivan@gmail.com>
Date: Fri, 3 May 2024 15:05:55 +0200
Subject: [PATCH 4/5] Remove log

---
 src/settings-page.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/settings-page.php b/src/settings-page.php
index 6026f1d..a952ac0 100644
--- a/src/settings-page.php
+++ b/src/settings-page.php
@@ -1503,7 +1503,6 @@ public function purge_by_url_render()
                             purge_url: purge_url_value
                         },
                         success: function (response) {
-                            console.log(response);
                             spinner.toggleClass('is-active');
                             purge_url_status.innerHTML = response.message;
                         },

From 847d62aec764c0aa6ab4a2fbf6e6f2b4927b5012 Mon Sep 17 00:00:00 2001
From: ivanviduka <viduka.ivan@gmail.com>
Date: Mon, 6 May 2024 09:52:22 +0200
Subject: [PATCH 5/5] Changes for HTML rendering

---
 src/settings-page.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/settings-page.php b/src/settings-page.php
index a952ac0..992686b 100644
--- a/src/settings-page.php
+++ b/src/settings-page.php
@@ -1257,7 +1257,14 @@ public function stale_settings_callback()
      */
     public function fastly_cache_tags_settings_callback()
     {
-        esc_html_e("This section allows you to configure fastly cache tags for special purging cases. This should be used only if you have Wordpress configuration where Fastly purging is not working for all cases. <b>Note: default Wordpress tags can be used for this purpose, if you're using them for some custom functionality already, only then use this.</b>", 'purgely');
+        printf(
+        /* translators: %s: Note for Fastly cache tags */
+            esc_html__('This section allows you to configure fastly cache tags for special purging cases. This should be used only if you have Wordpress configuration where Fastly purging is not working for all cases. %s', 'purgely'),
+            sprintf(
+                '<b>%1$s</b>',
+                esc_html__("Note: default Wordpress tags can be used for this purpose, if you're using them for some custom functionality already, only then use this.", 'purgely')
+            )
+        );
     }
 
     /**
@@ -1445,7 +1452,8 @@ public function use_fastly_cache_tags_for_custom_post_type_render()
                name='fastly-settings-advanced[use_fastly_cache_tags_for_custom_post_type]' <?php checked(isset($options['use_fastly_cache_tags_for_custom_post_type']) && false === $options['use_fastly_cache_tags_for_custom_post_type']); ?>
                value='false'>No
         <p class="description">
-            <?php esc_html_e("Use Fastly Cache Tags on custom post types. <b>Activate only if you have custom post types registered.</b>", 'purgely'); ?>
+            <?php esc_html_e("Use Fastly Cache Tags on custom post types.", 'purgely'); ?>
+            <b><?php esc_html_e("Activate only if you have custom post types registered.", 'purgely'); ?></b>
         </p>
         <?php
     }