Escape output according to WP sniffs

[MAILPOET-4129]

mailpoet/lib/API/JSON/API.php

@@ -233,14 +233,13 @@ class API {
   }
 
   public function setTokenAndAPIVersion() {
-    $global = '<script type="text/javascript">';
-    $global .= 'var mailpoet_token = "%s";';
-    $global .= 'var mailpoet_api_version = "%s";';
-    $global .= '</script>';
     echo sprintf(
-      $global,
-      Security::generateToken(),
-      self::CURRENT_VERSION
+      '<script type="text/javascript">' .
+      'var mailpoet_token = "%s";' .
+      'var mailpoet_api_version = "%s";' .
+      '</script>',
+      esc_js(Security::generateToken()),
+      esc_js(self::CURRENT_VERSION)
     );
   }
 

mailpoet/lib/API/JSON/Response.php

@@ -39,7 +39,7 @@ abstract class Response {
     $response = array_merge($response, $data);
 
     @header('Content-Type: application/json; charset=' . get_option('blog_charset'));
-    echo WPFunctions::get()->wpJsonEncode($response);
+    echo wp_json_encode($response);
     die();
   }