Coding Standards: Add missing escaping functions to `WP_Customize_Control` and `WP_Customize_Nav_Menu_Location_Control`.

Follow-up to [20295], [32806].

Props nareshbheda, shailu25, sabernhardt, audrasjb.
Fixes #60324.




Built from https://develop.svn.wordpress.org/trunk@57369


git-svn-id: http://core.svn.wordpress.org/trunk@56875 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/class-wp-customize-control.php

@@ -553,7 +553,7 @@ class WP_Customize_Control {
 				<select id="<?php echo esc_attr( $input_id ); ?>" <?php echo $describedby_attr; ?> <?php $this->link(); ?>>
 					<?php
 					foreach ( $this->choices as $value => $label ) {
-						echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . $label . '</option>';
+						echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . esc_html( $label ) . '</option>';
 					}
 					?>
 				</select>

wp-includes/customize/class-wp-customize-nav-menu-location-control.php

@@ -77,7 +77,7 @@ class WP_Customize_Nav_Menu_Location_Control extends WP_Customize_Control {
 			<select <?php $this->link(); ?>>
 				<?php
 				foreach ( $this->choices as $value => $label ) :
-					echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . $label . '</option>';
+					echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . esc_html( $label ) . '</option>';
 				endforeach;
 				?>
 			</select>

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.5-alpha-57368';
+$wp_version = '6.5-alpha-57369';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.