Administration: Add missing escaping for CSS classes on the body tag in the admin.

Follow-up to [5892], [10823], [10868], [18882], [21014], [22000], [48060].

Propos rafiem, costdev, dd32, audrasjb, westonruter, SergeyBiryukov.
Fixes #58336.
Built from https://develop.svn.wordpress.org/trunk@55846


git-svn-id: http://core.svn.wordpress.org/trunk@55358 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-header.php

@@ -242,7 +242,7 @@ unset( $error_get_last );
 $admin_body_classes = apply_filters( 'admin_body_class', '' );
 $admin_body_classes = ltrim( $admin_body_classes . ' ' . $admin_body_class );
 ?>
-<body class="wp-admin wp-core-ui no-js <?php echo $admin_body_classes; ?>">
+<body class="wp-admin wp-core-ui no-js <?php echo esc_attr( $admin_body_classes ); ?>">
 <script type="text/javascript">
 	document.body.className = document.body.className.replace('no-js','js');
 </script>

wp-admin/includes/template.php

@@ -2178,7 +2178,7 @@ var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?
 	$admin_body_classes = apply_filters( 'admin_body_class', '' );
 	$admin_body_classes = ltrim( $admin_body_classes . ' ' . $admin_body_class );
 	?>
-<body <?php echo $admin_body_id; ?>class="wp-admin wp-core-ui no-js iframe <?php echo $admin_body_classes; ?>">
+<body <?php echo $admin_body_id; ?>class="wp-admin wp-core-ui no-js iframe <?php echo esc_attr( $admin_body_classes ); ?>">
 <script type="text/javascript">
 (function(){
 var c = document.body.className;

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.3-alpha-55845';
+$wp_version = '6.3-alpha-55846';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.