Note that as far as I can tell, the characters generated by PHP in the base64 fields don't appear to violate the XML-RPC standard at all. XML-RPC messages *are* in XML format, and as such, the XML entities should be getting decoded before being passed to a base64 decoder. So, the previously-mentioned Jakarta-based XML-RPC server appears to violate the XML spec. i.e. There's nothing here that needs to be "fixed" in PHP.