From 14ed7eee5b4547612f5693f687cd0c0550565b7f Mon Sep 17 00:00:00 2001 From: George Steel Date: Mon, 17 Jun 2024 23:12:12 +0100 Subject: [PATCH 1/4] Deprecate the CSRF validator Signed-off-by: George Steel --- docs/book/v2/validators/csrf.md | 4 ++++ psalm-baseline.xml | 5 +++++ src/Csrf.php | 7 ++++++- test/CsrfTest.php | 5 +++++ 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/book/v2/validators/csrf.md b/docs/book/v2/validators/csrf.md index 266312dcf..40943d4d9 100644 --- a/docs/book/v2/validators/csrf.md +++ b/docs/book/v2/validators/csrf.md @@ -3,6 +3,10 @@ `Laminas\Validator\Csrf` provides the ability to both generate and validate CSRF tokens. This allows you to validate if a form submission originated from the same site, by confirming the value of the CSRF field in the submitted form is the same as the one contained in the original form. +> ## Deprecated +> +> This validator is deprecated in favour of the drop-in replacement validator shipped in version 2.21.0 of [`laminas-session`](https://docs.laminas.dev/laminas-session/). The validator here will be removed in version 3.0 of `laminas-validator` + [Cross-Site Request Forgery (CSRF)](https://en.wikipedia.org/wiki/Cross-site_request_forgery) is a security vector in which an unauthorized request is accepted by a server on behalf of another user; it is essentially an exploit of the trust a site places on a user's browser. The typical mitigation is to create a one-time token that is transmitted as part of the original form, and which must then be transmitted back by the client. diff --git a/psalm-baseline.xml b/psalm-baseline.xml index 07b6da15b..c8f134332 100644 --- a/psalm-baseline.xml +++ b/psalm-baseline.xml @@ -1955,6 +1955,11 @@ + + + + + diff --git a/src/Csrf.php b/src/Csrf.php index 45792e416..e8d2e2de5 100644 --- a/src/Csrf.php +++ b/src/Csrf.php 
@@ -16,7 +16,12 @@ use function strtolower; use function strtr; -/** @final */ +/** + * @deprecated This validator will be removed in version 3.0 of this component. A replacement is available in + * version 2.21.0 of the laminas-session component. + * + * @final + */ class Csrf extends AbstractValidator { /** diff --git a/test/CsrfTest.php b/test/CsrfTest.php index 8097930a1..12a267713 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php @@ -20,6 +20,11 @@ use function strtr; use function uniqid; +/** + * @deprecated + * + * @psalm-suppress DeprecatedClass + */ final class CsrfTest extends TestCase { private Csrf $validator; From 29d2b31560ec4aa34a65292f0347f81e962a4190 Mon Sep 17 00:00:00 2001 From: George Steel Date: Mon, 17 Jun 2024 23:52:26 +0100 Subject: [PATCH 2/4] Improve callout formatting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Frank Brückner Signed-off-by: George Steel --- docs/book/v2/validators/csrf.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/book/v2/validators/csrf.md b/docs/book/v2/validators/csrf.md index 40943d4d9..219367fe1 100644 --- a/docs/book/v2/validators/csrf.md +++ b/docs/book/v2/validators/csrf.md 
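Review bot: The deprecation is expressed only as a `@deprecated` docblock tag on the class, so applications that do not run Psalm or PHPStan will get no signal before the validator is removed in 3.0 — and because this class is CSRF protection, reaching 3.0 with stale code means a form silently losing its token check rather than a cosmetic break. Consider also raising a runtime notice where the validator is constructed, e.g. `trigger_error(sprintf('%s is deprecated and will be removed in 3.0; use the CSRF validator shipped in laminas-session 2.21.0', self::class), E_USER_DEPRECATED);`, so the migration shows up in logs ahead of the removal. The constructor is not part of this hunk, so where that line belongs needs confirming against the class body, which continues outside the hunk.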
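Review bot: The `@deprecated` tag added to `CsrfTest` has no reason or removal version, unlike the one on `Csrf`, and since a test class is not an API it reads as if the test itself were obsolete rather than scheduled for removal with its subject. Either drop the tag or make it say what it means, e.g. `@deprecated Remove together with Laminas\Validator\Csrf in 3.0.` The class-level `@psalm-suppress DeprecatedClass` looks like the right scope given the `private Csrf $validator;` property already references the deprecated class; the rest of the test class is outside the hunk.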
@@ -3,9 +3,9 @@ `Laminas\Validator\Csrf` provides the ability to both generate and validate CSRF tokens. This allows you to validate if a form submission originated from the same site, by confirming the value of the CSRF field in the submitted form is the same as the one contained in the original form. -> ## Deprecated -> -> This validator is deprecated in favour of the drop-in replacement validator shipped in version 2.21.0 of [`laminas-session`](https://docs.laminas.dev/laminas-session/). The validator here will be removed in version 3.0 of `laminas-validator` +CAUTION: **Deprecated** +This validator is deprecated in favour of the drop-in replacement validator shipped in version 2.21.0 of [`laminas-session`](https://docs.laminas.dev/laminas-session/). +The validator here will be removed in version 3.0 of `laminas-validator`. [Cross-Site Request Forgery (CSRF)](https://en.wikipedia.org/wiki/Cross-site_request_forgery) is a security vector in which an unauthorized request is accepted by a server on behalf of another user; it is essentially an exploit of the trust a site places on a user's browser. From 9b986a4d0ad9989fab4fc65edb3445c936fafee0 Mon Sep 17 00:00:00 2001 From: George Steel Date: Tue, 18 Jun 2024 15:26:09 +0100 Subject: [PATCH 3/4] Move deprecation notice to the top of the page Signed-off-by: George Steel --- docs/book/v2/validators/csrf.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/book/v2/validators/csrf.md b/docs/book/v2/validators/csrf.md index 219367fe1..02570ddeb 100644 --- a/docs/book/v2/validators/csrf.md +++ b/docs/book/v2/validators/csrf.md 
@@ -1,12 +1,12 @@ # CSRF Validator -`Laminas\Validator\Csrf` provides the ability to both generate and validate CSRF tokens. -This allows you to validate if a form submission originated from the same site, by confirming the value of the CSRF field in the submitted form is the same as the one contained in the original form. - CAUTION: **Deprecated** This validator is deprecated in favour of the drop-in replacement validator shipped in version 2.21.0 of [`laminas-session`](https://docs.laminas.dev/laminas-session/). The validator here will be removed in version 3.0 of `laminas-validator`. +`Laminas\Validator\Csrf` provides the ability to both generate and validate CSRF tokens. +This allows you to validate if a form submission originated from the same site, by confirming the value of the CSRF field in the submitted form is the same as the one contained in the original form. + [Cross-Site Request Forgery (CSRF)](https://en.wikipedia.org/wiki/Cross-site_request_forgery) is a security vector in which an unauthorized request is accepted by a server on behalf of another user; it is essentially an exploit of the trust a site places on a user's browser. The typical mitigation is to create a one-time token that is transmitted as part of the original form, and which must then be transmitted back by the client. From efcd4cc16a625db4abd3c9a2d7d34199ae5c7e0f Mon Sep 17 00:00:00 2001 From: George Steel Date: Tue, 18 Jun 2024 15:27:13 +0100 Subject: [PATCH 4/4] Include documentation link in deprecation notice MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Frank Brückner Signed-off-by: George Steel --- src/Csrf.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Csrf.php b/src/Csrf.php index e8d2e2de5..e49bb6815 100644 --- a/src/Csrf.php +++ b/src/Csrf.php 
@@ -18,7 +18,7 @@ /** * @deprecated This validator will be removed in version 3.0 of this component. A replacement is available in - * version 2.21.0 of the laminas-session component. + * version 2.21.0 of the laminas-session component: https://docs.laminas.dev/laminas-session/ * * @final */
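Review bot: The replacement is still named only in prose; adding a `@see` tag with the replacement class's fully qualified name (it is not shown anywhere in this patch) would let IDEs and static analysers link straight to it, and it mirrors what the `@deprecated` text already promises. The URL added on the changed line points at the laminas-session documentation root rather than the page for the replacement validator, so readers still have to search for it; a deep link to that validator's page, if one exists, would be more useful. The class body continues outside the hunk.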