Index: wp-includes/class-wp-xmlrpc-server.php
===================================================================
--- wp-includes/class-wp-xmlrpc-server.php	(revision 32808)
+++ wp-includes/class-wp-xmlrpc-server.php	(working copy)
@@ -2747,26 +2747,31 @@
 	 * @return array|IXR_Error
 	 */
 	public function wp_editPage( $args ) {
-		// Items not escaped here will be escaped in editPost.
-		$page_id  = (int) $this->escape($args[1]);
-		$username = $this->escape($args[2]);
-		$password = $this->escape($args[3]);
+		$page_id  = $args[1];
+		$username = $args[2];
+		$password = $args[3];
 		$content  = $args[4];
 		$publish  = $args[5];
 
-		if ( !$user = $this->login($username, $password) )
+		// Escape arguments for our own purposes but leave originals intact
+		// to avoid double-escaping in mw_editPost
+		$escaped_page_id = (int) $this->escape($page_id);
+		$escaped_username = $this->escape($username);
+		$escaped_password = $this->escape($password);
+
+		if ( !$user = $this->login($escaped_username, $escaped_password) )
 			return $this->error;
 
 		/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
 		do_action( 'xmlrpc_call', 'wp.editPage' );
 
 		// Get the page data and make sure it is a page.
-		$actual_page = get_post($page_id, ARRAY_A);
+		$actual_page = get_post($escaped_page_id, ARRAY_A);
 		if ( !$actual_page || ($actual_page['post_type'] != 'page') )
 			return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
 
 		// Make sure the user is allowed to edit pages.
-		if ( !current_user_can('edit_page', $page_id) )
+		if ( !current_user_can('edit_page', $escaped_page_id) )
 			return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this page.' ) );
 
 		// Mark this as content for a page.