Some Chars Encoded During POST While Others Are Not

TL;DR CodeIgniters' Security Class directly manipulates your Globals such as $_POST and it finds file() and file () to be a threat so it HTML encodes it. // config.php from my apps

Solution 1:

According to the user guide, you can get rid of this by setting

$config['global_xss_filtering'] = FALSE;

Or just remove this line.

IMHO, it's a design failure to modify the $_POST array, but there you go.