Index: includes/xmlrpc.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/xmlrpc.inc,v
retrieving revision 1.16
diff -u -r1.16 xmlrpc.inc
--- includes/xmlrpc.inc 31 Mar 2005 21:18:08 -0000 1.16
+++ includes/xmlrpc.inc 29 Jun 2005 18:46:31 -0000
@@ -61,12 +61,6 @@ $xmlrpcArray => 2, $xmlrpcStruct => 3);
-$xmlEntities=array( "amp" => "&",
- "quot" => '"',
- "lt" => "<",
- "gt" => ">",
- "apos" => "'");
-
 $xmlrpcerr["unknown_method"]=1; $xmlrpcstr["unknown_method"]="Unknown method"; $xmlrpcerr["invalid_return"]=2;
@@ -92,9 +86,6 @@ // let XML parse errors start at 100 $xmlrpcerrxml=100;
-// formulate backslashes for escaping regexp
-$xmlrpc_backslash=chr(92).chr(92);
-
 // used to store state during parsing // quick explanation of components: // st - used to build up a string for evaluation
@@ -109,36 +100,6 @@ $_xh=array();
-function xmlrpc_entity_decode($string) {
- $top=split("&", $string);
- $op="";
- $i=0;
- while($i0 && $_xh[$parser]['vt']==$xmlrpcString) {
- $_xh[$parser]['st'].="\"". $_xh[$parser]['ac'] . "\"";
+ $_xh[$parser]['st'].="'". $_xh[$parser]['ac'] . "'";
 } // This if() detects if no scalar was inside // and pads an empty "". if($_xh[$parser]['st'][strlen($_xh[$parser]['st'])-1] == '(') {
- $_xh[$parser]['st'].= '""';
+ $_xh[$parser]['st'].= "''";
 } $_xh[$parser]['st'].=", '" . $_xh[$parser]['vt'] . "')"; if ($_xh[$parser]['cm']) $_xh[$parser]['st'].=",";
@@ -306,7 +267,7 @@ function xmlrpc_cd($parser, $data) {
- global $_xh, $xmlrpc_backslash;
+ global $_xh;
 //if (ereg("^[\n\r \t]+$", $data)) return; // print "adding [${data}]\n";
@@ -323,12 +284,23 @@ } // replace characters that eval would // do special things with
- $_xh[$parser]['ac'].=str_replace('$', '\$',
- str_replace('"', '\"', str_replace(chr(92),
- $xmlrpc_backslash, $data)));
+ $_xh[$parser]['ac'].= xmlrpc_escape_php($data);
 } }
+/**
+ * Escapes a piece of text so it can be placed literally between single quotes
+ * as a string inside PHP code.
+ *
+ * A single slash is converted to a double slash, a single quote converted to
+ * a slash followed by a quote.
+ */
+function xmlrpc_escape_php($data) {
+ return str_replace(array('\\', "'"),
+ array('\\\\', "\\'"),
+ $data);
+}
+
 function xmlrpc_dh($parser, $data) { global $_xh;
@@ -337,9 +309,7 @@ $_xh[$parser]['qt']=1; $_xh[$parser]['lv']=2; }
- $_xh[$parser]['ac'].=str_replace('$', '\$',
- str_replace('"', '\"', str_replace(chr(92),
- $xmlrpc_backslash, $data)));
+ $_xh[$parser]['ac'].= xmlrpc_escape_php($data);
 } }
Index: includes/xmlrpcs.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/xmlrpcs.inc,v
retrieving revision 1.9
diff -u -r1.9 xmlrpcs.inc
--- includes/xmlrpcs.inc 6 Jan 2004 12:09:41 -0000 1.9
+++ includes/xmlrpcs.inc 29 Jun 2005 18:46:31 -0000
@@ -246,7 +246,7 @@ for($i=0; $i\n"; $plist.="$i - " . $_xh[$parser]['params'][$i]. " \n";
- eval('$m->addParam(' . $_xh[$parser]['params'][$i]. ");");
+ $m->addParam(eval('return '. $_xh[$parser]['params'][$i] .';'));
 } // uncomment this to really see what the server's getting! // xmlrpc_debugmsg($plist);
@@ -265,13 +265,12 @@ } if ( (!isset($dmap[$methName]['signature'])) || $sr[0]) {
+ $f = $dmap[$methName]['function'];
 // if no signature or correct signature if ($sysCall) {
- eval('$r=' . $dmap[$methName]['function'] .
- '($this, $m);');
+ $r = $f($this, $m);
 } else {
- eval('$r=' . $dmap[$methName]['function'] .
- '($m);');
+ $r = $f($m);
 } } else { $r=new xmlrpcresp(0,
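Review bot: The docblock on `xmlrpc_escape_php()` says "slash" where the code handles backslashes, and it omits the condition that makes the function safe: the result is only inert if the consumer wraps it in single quotes before the string is evaluated. The string branch of the xmlrpc.inc hunk that switches `"\""` to `"'"` does that, but the places that append `$_xh[$parser]['ac']` for other value types are not shown on this page, so it is worth confirming that none of them insert it unquoted or between double quotes. I would reword the second paragraph to `A backslash becomes two backslashes and a single quote becomes a backslash followed by a quote; the result is only safe between single quotes.` The same helper is called in the `xmlrpc_dh` hunk at -337, and both `xmlrpc_cd` and `xmlrpc_dh` start outside their hunks.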
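Review bot: The value returned by `eval()` goes straight into `$m->addParam()` in the -246 hunk of xmlrpcs.inc, so a parameter string that fails to parse would, on PHP versions where a failed `eval()` returns `false`, add `false` to the message instead of rejecting the request. Request-derived text still reaches `eval()` here, which leaves the escaping in xmlrpc.inc as the only barrier. A guard such as `$p = eval('return '. $_xh[$parser]['params'][$i] .';'); if ($p === false) { /* answer with a fault response */ }` would keep a malformed value out of the dispatch path, assuming a legitimate parameter never evaluates to `false`. Building the parameter values directly in the parser callbacks would remove the `eval()` altogether. The enclosing `for` loop starts outside the hunk and its header is garbled on this page.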