I'm using the latest version of CodeIgniter on a box with PHP Version 5.2.10-2ubuntu6.10.
When I submit POST data it appears to be scrubbed and decoded even though I have the xss_clean global turned off.
This is causing problems when passwords are submitted and certain sequences are not grabbed as raw post data.
To elaborate, if I submit the characters %11 in a <input ... /> field, when I get the POST data, it gives me a NULL character in the POST data.
Now, if I remove the code inside the remove_invisible_characters($str, $url_encoded=TRUE) function at line 512 of system/core/common.php, then I get the correct raw post data, seen as %11.
Duplicate of #148