don't check csrf protection twice (and since it will fail on the redirect), fixes #4557

Closes #4557

Merge request studip/studip!3360

app/controllers/course/basicdata.php

@@ -612,7 +612,8 @@ class Course_BasicdataController extends AuthenticatedController
 
     public function add_member_action($course_id, $status = 'dozent')
     {
-        CSRFProtection::verifyUnsafeRequest();
+        // We don't need to check the csrf protection at this point since it
+        // is already checked by the multiperson search endpoint
 
         // load MultiPersonSearch object
         $mp = MultiPersonSearch::load("add_member_{$status}{$course_id}");