Coding Standards: Escape the whole attribute in `wp-admin/export.php`.

It is best to always escape the complete value of an attribute, not a partial value, as otherwise the escaping could be (partially) undone when the values are joined together.

While the hardcoded hyphen in this case don't necessarily create that risk, it may change to a value which could be problematic, so making it a habit to escape the value in one go is best practice.

Escaping the complete value also means that a single `esc_attr()` call can be used instead of two.

Follow-up to [14444], [16652], [55616], [56632].

See #58831.
Built from https://develop.svn.wordpress.org/trunk@56633


git-svn-id: http://core.svn.wordpress.org/trunk@56145 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/export.php

@@ -160,7 +160,12 @@ function export_date_options( $post_type = 'post' ) {
 		}
 
 		$month = zeroise( $date->month, 2 );
-		echo '<option value="' . esc_attr( $date->year ) . '-' . esc_attr( $month ) . '">' . $wp_locale->get_month( $month ) . ' ' . $date->year . '</option>';
+
+		printf(
+			'<option value="%1$s">%2$s</option>',
+			esc_attr( $date->year . '-' . $month ),
+			$wp_locale->get_month( $month ) . ' ' . $date->year
+		);
 	}
 }
 ?>

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.4-alpha-56632';
+$wp_version = '6.4-alpha-56633';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.