I'm beginning to wish I'd left this one to Sam!! I decided to see if there was still an issue in Moodle 2.0, and at first I thought there wasn't, so I distracted myself for several hours tracking down exactly what was different between the two.
It turns out that in both 2.0 and 1.9 the dodgy character is stored in the database, and cleaned in the output - both the on-screen print_post and the rss.
In 2.0 the output cleaning was working to take out the dodgy character, but on 1.9 it wasn't.
Ultimately the difference is that a default install of 1.9 has $CFG->enablehtmlpurifier as No and 2.0 has it as Yes. htmlpurifier handles these control characters perfectly, but the other stripping functions we have, and specifically the regular expression below does not.
$text = preg_replace('/�*([0-9]+);?/', '&#$1;', $string);
$text = preg_replace('/�*([0-9a-fA-F]+);?/', '&#x$1;', $text);
The regular expression can't work where the control character has been entered fully because its not been encoded like this. I'm sure there ought to be a function to swap the control character to &# format, but I can't seem to find it.
Question: to enable htmlpurifier, or decode the character?