diff options
| author | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2024-09-03 13:11:27 +0000 |
|---|---|---|
| committer | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2024-09-03 13:11:27 +0000 |
| commit | ca49522373c5b393d271971765adc1acbee158ec (patch) | |
| tree | b8584b4308468f57c251799aeb55683e02971f8d /app/controllers/course/basicdata.php | |
| parent | 9e8c92f415e5106ee9f726b1c7e251924a7769c9 (diff) | |
don't check csrf protection twice (and since it will fail on the redirect), fixes #4557
Closes #4557
Merge request studip/studip!3360
Diffstat (limited to 'app/controllers/course/basicdata.php')
| -rw-r--r-- | app/controllers/course/basicdata.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/controllers/course/basicdata.php b/app/controllers/course/basicdata.php index eab5f36..114bcc8 100644 --- a/app/controllers/course/basicdata.php +++ b/app/controllers/course/basicdata.php @@ -612,7 +612,8 @@ class Course_BasicdataController extends AuthenticatedController public function add_member_action($course_id, $status = 'dozent') { - CSRFProtection::verifyUnsafeRequest(); + // We don't need to check the csrf protection at this point since it + // is already checked by the multiperson search endpoint // load MultiPersonSearch object $mp = MultiPersonSearch::load("add_member_{$status}{$course_id}"); |