Index: xmlrpc.php
===================================================================
--- xmlrpc.php	(revision 4534)
+++ xmlrpc.php	(working copy)
@@ -817,7 +817,7 @@
 		$user_pass   = $wpdb->escape($args[2]);
 		$data        = $args[3];
 
-		$name = $data['name'];
+		$name = sanitize_file( $data['name'] );
 		$type = $data['type'];
 		$bits = $data['bits'];
 
@@ -841,7 +841,7 @@
 			logIO('O', '(MW) Could not write file '.$name);
 			return new IXR_Error(500, 'Could not write file '.$name);
 		}
-		return apply_filters( 'wp_handle_upload', array( 'file' => $name, 'url' => $upload[ 'url' ], 'type' => $type ) );
+		return apply_filters( 'wp_handle_upload', array( 'file' => $upload[ 'file' ], 'url' => $upload[ 'url' ], 'type' => $type ) );
 	}