Problem With File Uploader xss_clean?
#1

[eluser]flatulentdog[/eluser]
When I overwrite the $config['xss_clean'] = 'TRUE', the file will not display, it is damaged. It does fine when this parameter is false. What's the deal? I even made a simple .jpg in Paint and it broke it with xss_clean. Is this a known issue?
#2

[eluser]Thoer[/eluser]
I had to debug the very same problem. The bug must have been added between 1.6.1 and 1.7.0, but I think 1.6.3 was not affected.
Now I can't say I fully understand the Input::xss_clean function, but my senses tell me that the is_image parameter is there for a reason. I modified my Upload class so that the do_xss_clean function is like this:
[code]
$CI =& get_instance();
// Second argument is the is_image flag; the result is used only as a pass/fail check
$clean = $CI->input->xss_clean($data, TRUE);
if ( ! $clean) return FALSE;
[/code]

instead of
[code]
$CI =& get_instance();
$data = $CI->input->xss_clean($data);
[/code]

and it does seem to do the trick, although I'm not suggesting that it's a tested or good solution in any way. Anyway, I'll report this bug, and let's hope Rick and his team will come up with the real solution.
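
The difference between the two snippets in post #2, as an added example that is not part of the thread or of CodeIgniter's code: `toy_xss_clean()` is a hypothetical, much simpler stand-in for `Input::xss_clean`, the sample bytes are constructed, and the rewrite path assumes the filtered string is written back over the uploaded file.

```php
<?php
// Hypothetical stand-in for a text-oriented XSS filter; NOT CodeIgniter's code.
// With $is_image TRUE it only reports whether the data looks clean (boolean).
function toy_xss_clean($data, $is_image = FALSE)
{
    if ($is_image === TRUE) {
        return ! preg_match('#<script|javascript:#i', $data);
    }
    // Text-style rewrites that are harmless for HTML input but alter binary data.
    $data = str_replace("\0", '', $data);
    return preg_replace('#<(/?)script#i', '&lt;$1script', $data);
}

// Assumed "before" behaviour: the filtered string is written back to the file.
function upload_check_rewrite($path)
{
    $data = file_get_contents($path);
    if ($data === FALSE) return FALSE;
    return file_put_contents($path, toy_xss_clean($data)) !== FALSE;
}

// Check-and-reject, as in the modified do_xss_clean: read only, never write.
function upload_check_reject($path)
{
    $data = file_get_contents($path);
    if ($data === FALSE) return FALSE;
    return toy_xss_clean($data, TRUE);
}

// Constructed samples: JPEG-like header bytes, not a complete image.
$benign  = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\xFF\xD9";
$samples = array('benign' => $benign, 'tainted' => $benign . '<script>/* constructed */</script>');

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);

    $accepted = upload_check_reject($tmp);
    $intact   = (sha1_file($tmp) === sha1($bytes));
    printf("%-8s reject:  accepted=%s intact=%s\n", $name, var_export($accepted, TRUE), var_export($intact, TRUE));

    upload_check_rewrite($tmp);
    $intact = (sha1_file($tmp) === sha1($bytes));
    printf("%-8s rewrite: intact=%s\n", $name, var_export($intact, TRUE));

    unlink($tmp);
}
```

In reject mode both files keep their original hash and only the tainted one is refused; in rewrite mode even the benign file changes, because the text filter strips its NUL bytes.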
#3

[eluser]barbazul[/eluser]
I tried the example provided in the user guide "as is" with global_xss_filtering set to TRUE and FALSE and in both cases I managed to correctly upload a JPEG image.

Are you having trouble with a particular file format?
#4

[eluser]Thoer[/eluser]
It's not the global xss filtering, it's the undocumented xss filtering in the Upload class. I probably wouldn't use it, but jTaby did, and I built a plugin that extended his... ;)
#5

[eluser]barbazul[/eluser]
I see....
I didn't know that was even there.
