boonebgorges / bp-groupblog

BuddyPress Groupblog
GNU General Public License v3.0

If the global current_group isn't set, groupblog_screen_blog() should 404 #45

Closed modelm closed 6 years ago

modelm commented 6 years ago

For hidden groups, BP unsets $bp->groups->current_group in bp_groups_group_access_protection():

        // Hidden groups should return a 404 for non-members.
        // Unset the current group so that you're not redirected
        // to the default group tab.
        if ( 'hidden' == $current_group->status ) {
                buddypress()->groups->current_group = 0;
                buddypress()->is_single_item        = false;
                bp_do_404();
                return;
        } else {
                bp_core_no_access( $no_access_args );
        }

Then, when groupblog_screen_blog() runs, it can't look up the current group's blog ID or that blog's options, so there's no URL to redirect to. Instead it falls back to rendering the groups/single/plugins template. In our install we set the option redirectblog to 1, which I think should mean we never render a template on group blog screens, but instead either redirect to the blog or 404.

This only affects users who can't access the group.

I am about to submit a PR which changes the fallback so that a template is only loaded if there is a current group set. Without this patch, bp_core_load_template() breaks the bp_do_404() redirect and responds 200 OK instead.

boonebgorges commented 6 years ago

Good catch. Thank you for the PR!
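
The control flow described in this issue, modelled as a stand-alone PHP script that compares the template fallback before and after the guard on the current group. This is an added example, not code from bp-groupblog or BuddyPress: every demo_* function, the state array and the example.test URL are assumptions made for illustration.

```php
<?php
// Stand-alone model of the control flow in this issue. Every demo_* name is
// hypothetical; this is not BuddyPress or bp-groupblog code.

// Models the access check quoted above: hidden group + non-member => 404.
function demo_access_protection( array &$state, array $group, $is_member ) {
	$state['current_group'] = $group;
	if ( 'hidden' === $group['status'] && ! $is_member ) {
		$state['current_group'] = 0;   // current group is unset
		$state['status']        = 404; // stands in for bp_do_404()
	}
}

// Models a template load that, as reported in the issue, responds 200 OK.
function demo_load_template( array &$state ) {
	$state['status'] = 200;
	$state['body']   = 'groups/single/plugins';
}

// Before: no group means no blog URL, so the screen falls through to the template.
function demo_screen_blog_before( array &$state ) {
	if ( ! empty( $state['current_group']['blog_url'] ) ) {
		$state['status'] = 302; // redirect to the group blog
		return;
	}
	demo_load_template( $state );
}

// After: bail out when no current group is set, leaving the 404 in place.
function demo_screen_blog_after( array &$state ) {
	if ( empty( $state['current_group'] ) ) {
		return;
	}
	demo_screen_blog_before( $state );
}

// Runs one constructed request and returns the final status code.
function demo_request( $screen, $is_member ) {
	$state = array( 'current_group' => 0, 'status' => 200, 'body' => '' );
	$group = array( 'status' => 'hidden', 'blog_url' => 'https://example.test/blog/' ); // constructed
	demo_access_protection( $state, $group, $is_member );
	$screen( $state );
	return $state['status'];
}

foreach ( array( 'demo_screen_blog_before', 'demo_screen_blog_after' ) as $screen ) {
	printf( "%-24s non-member: %d  member: %d\n", $screen, demo_request( $screen, false ), demo_request( $screen, true ) );
}
```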