Skip to:
Content

Opened 3 years ago

Closed 13 months ago

#3674 closed defect (bug) (fixed)

bp_core_catch_no_access() hooked too late

Reported by: boonebgorges Owned by:
Milestone: 1.5.5 Priority: normal
Severity: normal Version: 1.5
Component: Core Keywords: dev-feedback
Cc:

Description

bp_core_catch_no_access() is hooked to wp with priority 10. This means that, in practice, it hardly ever fires, since all screen and action functions are hooked to wp at 3 and 4 (via bp_actions and bp_screens).

I'm not sure if this is intentional. On one hand, it seems correct - bp_core_catch_no_access(), and especially its bp_do_404() call, ought to be the last-ditch check before BP bails completely. On the other hand, if the function is going to contain any logic for preventing access to protected resources, it needs to run *before* anything else.

See also #3666.

Change History (4)

comment:1 boonebgorges3 years ago

One thing I forgot to note: hooking to wp:10 means that bp_do_404() never works. I guess the 20x headers have already been sent by that point.

comment:2 boonebgorges2 years ago

  • Milestone changed from 1.6 to Future Release

I haven't seen any bug reports that are related to this issue, so I'm going to punt it to the garbage bin of Future Release.

I have a feeling that the whole thing will become moot once we do theme compatibility, because we won't be killing output in the same way that we do now (in bp_core_load_template()).

comment:3 DJPaul13 months ago

  • Milestone changed from Future Release to 1.7

Maybe we can close this

comment:4 r-a-y13 months ago

  • Milestone changed from 1.7 to 1.5.5
  • Resolution set to fixed
  • Status changed from new to closed

Yeah, this can be closed; this was addressed in BP 1.5.5. See #4029.

Note: See TracTickets for help on using tickets.