diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 655fd78194..3c068e186d 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -1911,7 +1911,7 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
 	$obscura              = wp_generate_password( 32, false, false );
 	$file_basename        = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura;
 	$html_report_filename = $file_basename . '.html';
-	$html_report_pathname = $exports_dir . $html_report_filename;
+	$html_report_pathname = wp_normalize_path( $exports_dir . $html_report_filename );
 	$file = fopen( $html_report_pathname, 'w' );
 	if ( false === $file ) {
 		wp_send_json_error( __( 'Unable to open export file (HTML report) for writing.' ) );
@@ -2007,7 +2007,7 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
 		$archive_url      = $exports_url . $archive_filename;
 
 		update_post_meta( $request_id, '_export_file_url', $archive_url );
-		update_post_meta( $request_id, '_export_file_path', $archive_pathname );
+		update_post_meta( $request_id, '_export_file_path', wp_normalize_path( $archive_pathname ) );
 	}
 
 	if ( ! empty( $archive_pathname ) && file_exists( $archive_pathname ) ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index a102574c97..fef200b8a2 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.9.6-beta1-43233';
+$wp_version = '4.9.6-beta1-43235';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.