[eluser]Thoer[/eluser]
I had to debug the very same problem. The bug must have been added between 1.6.1 and 1.7.0, but I think 1.6.3 was not affected.
Now I can't say I fully understand the Input::xss_clean function, but my senses tell me that is_image paramater is there for a reason. I modified my Upload class so that do_xss_clean function is like this:
[code]
$CI =& get_instance();
$clean = $CI->input->xss_clean($data, TRUE);
if ( ! $clean) return FALSE;
[code]
instead of
[code]
$CI =& get_instance();
$data= $CI->input->xss_clean($data);
[code]
and it does seem to do the trick, although I'm not suggesting that it's a tested or good solution in any way. Anyway, I'll report this bug, and let's hope Rick and his team will come up with the real solution.