bp_core_catch_no_access() hooked too late
Reported by: boonebgorges | Owned by:
bp_core_catch_no_access() is hooked to wp with priority 10. This means that, in practice, it hardly ever fires, since all screen and action functions are hooked to wp at 3 and 4 (via bp_actions and bp_screens).
I'm not sure if this is intentional. On one hand, it seems correct - bp_core_catch_no_access(), and especially its bp_do_404() call, ought to be the last-ditch check before BP bails completely. On the other hand, if the function is going to contain any logic for preventing access to protected resources, it needs to run *before* anything else.
See also #3666.
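
The ordering problem described in this ticket, as an added stand-alone simulation (not BuddyPress or WordPress code). `HookSim`, `simulate()`, the priority value 2, and the convention that a callback returning `true` stands for a handler that ends the request are all assumptions made for illustration; which of `bp_actions` and `bp_screens` gets 3 and which gets 4 is taken from the order they appear in the ticket.

```php
<?php
// Minimal stand-in for priority-ordered hook dispatch on a single hook ("wp").
// Hypothetical helper for illustration, not WordPress's implementation.
final class HookSim {
    private array $callbacks = [];   // priority => list of [name, callable]

    public function add(string $name, callable $fn, int $priority = 10): void {
        $this->callbacks[$priority][] = [$name, $fn];
    }

    // Run callbacks in ascending priority order. A callback returning true
    // models (by assumption) a handler that renders output and ends the request,
    // so nothing hooked at a later priority gets to run.
    public function run(): array {
        ksort($this->callbacks);
        $trace = [];
        foreach ($this->callbacks as $priority => $entries) {
            foreach ($entries as [$name, $fn]) {
                $trace[] = "$priority:$name";
                if ($fn() === true) {
                    $trace[] = 'request ended';
                    return $trace;
                }
            }
        }
        return $trace;
    }
}

// Build the hook table from the ticket and return the execution trace.
function simulate(int $catchPriority, bool $screenHandlesRequest): array {
    $wp = new HookSim();
    $wp->add('bp_actions', fn() => false, 3);
    $wp->add('bp_screens', fn() => $screenHandlesRequest, 4);
    $wp->add('bp_core_catch_no_access', fn() => false, $catchPriority);
    return $wp->run();
}

// Hooked at 10 while a screen handles the request: the access check is never reached.
print_r(simulate(10, true));
// Hooked ahead of the action/screen handlers (2 is a constructed value): the check runs first.
print_r(simulate(2, true));
// No screen handles the request: the priority-10 check runs as the last-ditch fallback.
print_r(simulate(10, false));
```

Only the third trace includes `bp_core_catch_no_access` when it stays at priority 10, which is the fallback role; any access-control logic placed in it would be skipped in the first case.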