[CRITICAL] CVE-2019-11325: Fix escaping of strings in VarExporter

PKSA-qdcz-9b22-7g4s CVE-2019-11325 GHSA-w4rc-rx25-8m86

Affected version: >=4.2.0,<4.2.12|>=4.3.0,<4.3.8

Reported by:
GitHub, FriendsOfPHP/security-advisories