It appears that the recent (v1.4.4) XSS attack fix is a little aggressive and blocks all base64 attachments. Many email client applications encode attachments as base64, and Postie v1.4.4 is now blocking base64 attachments.
Here is the fix:
– Open ./wp-content/plugins/postie/get_mail.php
– Go to line 36, you will see
// check for XSS attacks - we disallow any javascript, meta, onload, or base64
if (preg_match("/.*(script|onload|meta|base64).*/is", $email)) {
echo "possible XSS attack - ignoring email\n";
continue;
}
– On line 37, remove “|base64” so it looks like this:
// check for XSS attacks - we disallow any javascript, meta, onload, or base64
if (preg_match("/.*(script|onload|meta).*/is", $email)) {
echo "possible XSS attack - ignoring email\n";
continue;
}
– Save the file (make sure to upload the change if you are modifying the file on your local machine)
With that fix, the attachments come through as expected.
