Opened 13 years ago
Closed 12 years ago
#3674 closed defect (bug) (fixed)
bp_core_catch_no_access() hooked too late
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 1.5.5 | Priority: | normal |
Severity: | normal | Version: | 1.5 |
Component: | Core | Keywords: | dev-feedback |
Cc: |
Description
bp_core_catch_no_access() is hooked to wp with priority 10. This means that, in practice, it hardly ever fires, since all screen and action functions are hooked to wp at 3 and 4 (via bp_actions and bp_screens).
I'm not sure if this is intentional. On one hand, it seems correct - bp_core_catch_no_access(), and especially its bp_do_404() call, ought to be the last-ditch check before BP bails completely. On the other hand, if the function is going to contain any logic for preventing access to protected resources, it needs to run *before* anything else.
See also #3666.
Change History (4)
#2
@
13 years ago
- Milestone changed from 1.6 to Future Release
I haven't seen any bug reports that are related to this issue, so I'm going to punt it to the garbage bin of Future Release.
I have a feeling that the whole thing will become moot once we do theme compatibility, because we won't be killing output in the same way that we do now (in bp_core_load_template()).
One thing I forgot to note: hooking to wp:10 means that bp_do_404() never works. I guess the 20x headers have already been sent by that point.