8 files changed, 251 insertions, 80 deletions
diff --git a/tests/Bootstrap.php b/tests/Bootstrap.php
index c98d88531..439c7fdab 100644
--- a/tests/Bootstrap.php
+++ b/tests/Bootstrap.php
@@ -40,6 +40,32 @@ isset($_SERVER['REMOTE_ADDR']) OR $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
 // Prep our test environment
 include_once $dir.'/mocks/core/common.php';
 include_once SYSTEM_PATH.'core/Common.php';
+
+
+if (extension_loaded('mbstring'))
+{
+	defined('MB_ENABLED') OR define('MB_ENABLED', TRUE);
+	mb_internal_encoding('UTF-8');
+	mb_substitute_character('none');
+}
+else
+{
+	defined('MB_ENABLED') OR define('MB_ENABLED', FALSE);
+}
+
+if (extension_loaded('iconv'))
+{
+	defined('ICONV_ENABLED') OR define('ICONV_ENABLED', TRUE);
+	iconv_set_encoding('internal_encoding', 'UTF-8');
+}
+else
+{
+	defined('ICONV_ENABLED') OR define('ICONV_ENABLED', FALSE);
+}
+
+include_once SYSTEM_PATH.'core/compat/mbstring.php';
+include_once SYSTEM_PATH.'core/compat/password.php';
+
 include_once $dir.'/mocks/autoloader.php';
 spl_autoload_register('autoload');
 
diff --git a/tests/codeigniter/core/compat/mbstring_test.php b/tests/codeigniter/core/compat/mbstring_test.php
new file mode 100644
index 000000000..415222446
--- /dev/null
+++ b/tests/codeigniter/core/compat/mbstring_test.php
@@ -0,0 +1,54 @@
+<?php
+
+class mbstring_test extends CI_TestCase {
+
+	public function test_bootstrap()
+	{
+		if (MB_ENABLED)
+		{
+			return $this->markTestSkipped('ext/mbstring is loaded');
+		}
+
+		$this->assertTrue(function_exists('mb_strlen'));
+		$this->assertTrue(function_exists('mb_substr'));
+	}
+
+	// ------------------------------------------------------------------------
+
+	/**
+	 * @depends	test_bootstrap
+	 */
+	public function test_mb_strlen()
+	{
+		$this->assertEquals(ICONV_ENABLED ? 4 : 8, mb_strlen('тест'));
+		$this->assertEquals(ICONV_ENABLED ? 4 : 8, mb_strlen('тест', 'UTF-8'));
+	}
+
+	// ------------------------------------------------------------------------
+
+	/**
+	 * @depends	test_boostrap
+	 */
+	public function test_mb_strpos()
+	{
+		$this->assertEquals(ICONV_ENABLED ? 3 : 6, mb_strpos('тест', 'с'));
+		$this->assertFalse(mb_strpos('тест', 'с', 3));
+		$this->assertEquals(ICONV_ENABLED ? 3 : 6, mb_strpos('тест', 'с', 1, 'UTF-8'));
+	}
+
+	// ------------------------------------------------------------------------
+
+	/**
+	 * @depends	test_boostrap
+	 */
+	public function test_mb_substr()
+	{
+		$this->assertEquals(ICONV_ENABLED ? 'стинг' : 'естинг', mb_substr('тестинг', 2));
+		$this->assertEquals(ICONV_ENABLED ? 'нг' : 'г', mb_substr('тестинг', -2));
+		$this->assertEquals(ICONV_ENABLED ? 'ст' : 'е', mb_substr('тестинг', 2, 2));
+		$this->assertEquals(ICONV_ENABLED ? 'стинг' : 'естинг', mb_substr('тестинг', 2, 'UTF-8'));
+		$this->assertEquals(ICONV_ENABLED ? 'нг' : 'г', mb_substr('тестинг', -2, 'UTF-8'));
+		$this->assertEquals(ICONV_ENABLED ? 'ст' : 'е', mb_substr('тестинг', 2, 2, 'UTF-8'));
+	}
+
+}
+\ No newline at end of file
diff --git a/tests/codeigniter/core/compat/password_test.php b/tests/codeigniter/core/compat/password_test.php
new file mode 100644
index 000000000..4014e7415
--- /dev/null
+++ b/tests/codeigniter/core/compat/password_test.php
@@ -0,0 +1,158 @@
+<?php
+
+class password_test extends CI_TestCase {
+
+	public function test_bootstrap()
+	{
+		if (is_php('5.5'))
+		{
+			return $this->markTestSkipped('ext/standard/password is available on PHP 5.5');
+		}
+		elseif ( ! is_php('5.3.7'))
+		{
+			$this->assertFalse(defined('PASSWORD_BCRYPT'));
+			return $this->markTestSkipped("PHP versions prior to 5.3.7 don't have the '2y' Blowfish version");
+		}
+		elseif ( ! defined('CRYPT_BLOWFISH') OR CRYPT_BLOWFISH !== 1)
+		{
+			$this->assertFalse(defined('PASSWORD_BCRYPT'));
+			return $this->markTestSkipped('CRYPT_BLOWFISH is not available');
+		}
+
+		$this->assertTrue(defined('PASSWORD_BCRYPT'));
+		$this->assertTrue(defined('PASSWORD_DEFAULT'));
+		$this->assertEquals(1, PASSWORD_BCRYPT);
+		$this->assertEquals(PASSWORD_BCRYPT, PASSWORD_DEFAULT);
+		$this->assertTrue(function_exists('password_get_info'));
+		$this->assertTrue(function_exists('password_hash'));
+		$this->assertTrue(function_exists('password_needs_rehash'));
+		$this->assertTrue(function_exists('password_verify'));
+	}
+
+	// ------------------------------------------------------------------------
+
+	/**
+	 * password_get_info() test
+	 *
+	 * Borrowed from PHP's own tests
+	 *
+	 * @depends	test_bootstrap
+	 */
+	public function test_password_get_info()
+	{
+		$expected = array(
+			'algo' => 1,
+			'algoName' => 'bcrypt',
+			'options' => array('cost' => 10)
+		);
+
+		// default
+		$this->assertEquals($expected, password_get_info('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y'));
+
+		$expected['options']['cost'] = 11;
+
+		// cost
+		$this->assertEquals($expected, password_get_info('$2y$11$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y'));
+
+		$expected = array(
+			'algo' => 0,
+			'algoName' => 'unknown',
+			'options' => array()
+		);
+
+		// invalid length
+		$this->assertEquals($expected, password_get_info('$2y$11$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100'));
+
+		// non-bcrypt
+		$this->assertEquals($expected, password_get_info('$1$rasmusle$rISCgZzpwk3UhDidwXvin0'));
+	}
+
+	// ------------------------------------------------------------------------
+
+	/**
+	 * password_hash() test
+	 *
+	 * Borrowed from PHP's own tests
+	 *
+	 * @depends	test_bootstrap
+	 */
+	public function test_password_hash()
+	{
+		// FALSE is returned if no CSPRNG source is available
+		if ( ! defined('MCRYPT_DEV_URANDOM') && ! function_exists('openssl_random_pseudo_bytes')
+			&& (DIRECTORY_SEPARATOR !== '/' OR ! is_readable('/dev/arandom') OR ! is_readable('/dev/urandom'))
+			)
+		{
+			$this->assertFalse(password_hash('foo', PASSWORD_BCRYPT));
+		}
+		else
+		{
+			$this->assertEquals(60, strlen(password_hash('foo', PASSWORD_BCRYPT)));
+			$this->assertTrue(($hash = password_hash('foo', PASSWORD_BCRYPT)) === crypt('foo', $hash));
+		}
+
+		$this->assertEquals(
+			'$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi',
+			password_hash('rasmuslerdorf', PASSWORD_BCRYPT, array('cost' => 7, 'salt' => 'usesomesillystringforsalt'))
+		);
+
+		$this->assertEquals(
+			'$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y',
+			password_hash('test', PASSWORD_BCRYPT, array('salt' => '123456789012345678901'.chr(0)))
+		);
+	}
+
+	// ------------------------------------------------------------------------
+
+	/**
+	 * password_needs_rehash() test
+	 *
+	 * Borrowed from PHP's own tests
+	 *
+	 * @depends	test_password_get_info
+	 */
+	public function test_password_needs_rehash()
+	{
+		// invalid hash: always rehash
+		$this->assertTrue(password_needs_rehash('', PASSWORD_BCRYPT));
+
+		// valid, because it's an unknown algorithm
+		$this->assertFalse(password_needs_rehash('', 0));
+
+		// valid with same cost
+		$this->assertFalse(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10)));
+
+		// valid with same cost and additional parameters
+		$this->assertFalse(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10, 'foo' => 3)));
+
+		// invalid: different (lower) cost
+		$this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 09)));
+
+		// invalid: different (higher) cost
+		$this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 11)));
+
+		// valid with default cost
+		$this->assertFalse(password_needs_rehash('$2y$'.str_pad(10, 2, '0', STR_PAD_LEFT).'$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT));
+
+		// invalid: 'foo' is cast to 0
+		$this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 'foo')));
+	}
+
+	// ------------------------------------------------------------------------
+
+	/**
+	 * password_verify() test
+	 *
+	 * Borrowed from PHP's own tests
+	 *
+	 * @depends	test_bootstrap
+	 */
+	public function test_password_verify()
+	{
+		$this->assertFalse(password_verify(123, 123));
+		$this->assertFalse(password_verify('foo', '$2a$07$usesomesillystringforsalt$'));
+		$this->assertFalse(password_verify('rasmusler', '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi'));
+		$this->assertTrue(password_verify('rasmuslerdorf', '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi'));
+	}
+
+}
+\ No newline at end of file
diff --git a/tests/codeigniter/libraries/Encryption_test.php b/tests/codeigniter/libraries/Encryption_test.php
index 54db2b42d..a8b5bc81e 100644
--- a/tests/codeigniter/libraries/Encryption_test.php
+++ b/tests/codeigniter/libraries/Encryption_test.php
@@ -179,6 +179,9 @@ class Encryption_test extends CI_TestCase {
 	 * Testing the three methods separately is not realistic as they are
 	 * designed to work together. A more thorough test for initialize()
 	 * though is the OpenSSL/MCrypt compatibility test.
+	 *
+	 * @depends	test_hkdf
+	 * @depends	test__get_params
 	 */
 	public function test_initialize_encrypt_decrypt()
 	{
@@ -202,6 +205,8 @@ class Encryption_test extends CI_TestCase {
 
 	/**
 	 * encrypt(), decrypt test with custom parameters
+	 *
+	 * @depends	test___get_params
 	 */
 	public function test_encrypt_decrypt_custom()
 	{
@@ -239,7 +244,7 @@ class Encryption_test extends CI_TestCase {
 	{
 		if ($this->encryption->drivers['mcrypt'] === FALSE)
 		{
-			return $this->markTestAsSkipped('Cannot test MCrypt because it is not available.');
+			return $this->markTestSkipped('Cannot test MCrypt because it is not available.');
 		}
 
 		$this->assertTrue(is_resource($this->encryption->__driver_get_handle('mcrypt', 'rijndael-128', 'cbc')));
@@ -254,7 +259,7 @@ class Encryption_test extends CI_TestCase {
 	{
 		if ($this->encryption->drivers['openssl'] === FALSE)
 		{
-			return $this->markTestAsSkipped('Cannot test OpenSSL because it is not available.');
+			return $this->markTestSkipped('Cannot test OpenSSL because it is not available.');
 		}
 
 		$this->assertEquals('aes-128-cbc', $this->encryption->__driver_get_handle('openssl', 'aes-128', 'cbc'));
@@ -272,7 +277,7 @@ class Encryption_test extends CI_TestCase {
 	{
 		if ( ! $this->encryption->drivers['mcrypt'] OR ! $this->encryption->drivers['openssl'])
 		{
-			$this->markTestAsSkipped('Both MCrypt and OpenSSL support are required for portability tests.');
+			$this->markTestSkipped('Both MCrypt and OpenSSL support are required for portability tests.');
 			return;
 		}
 
diff --git a/tests/codeigniter/libraries/Table_test.php b/tests/codeigniter/libraries/Table_test.php
index 4bfbdd623..8e7452474 100644
--- a/tests/codeigniter/libraries/Table_test.php
+++ b/tests/codeigniter/libraries/Table_test.php
@@ -34,7 +34,7 @@ class Table_test extends CI_TestCase {
 	}
 
 	/*
-	 * @depends testPrepArgs
+	 * @depends	test_prep_args
 	 */
 	public function test_set_heading()
 	{
@@ -55,7 +55,7 @@ class Table_test extends CI_TestCase {
 	}
 
 	/*
-	 * @depends testPrepArgs
+	 * @depends	test_prep_args
 	 */
 	public function test_add_row()
 	{
diff --git a/tests/mocks/autoloader.php b/tests/mocks/autoloader.php
index 1bcde797d..33942768d 100644
--- a/tests/mocks/autoloader.php
+++ b/tests/mocks/autoloader.php
@@ -112,7 +112,7 @@ function autoload($class)
 
 	if ( ! file_exists($file))
 	{
-    return FALSE;
+		return FALSE;
 	}
 
 	include_once($file);
diff --git a/tests/mocks/core/common.php b/tests/mocks/core/common.php
index b073f230d..9eb6b0954 100644
--- a/tests/mocks/core/common.php
+++ b/tests/mocks/core/common.php
@@ -87,40 +87,6 @@ if ( ! function_exists('load_class'))
 	}
 }
 
-// This is sort of meh. Should probably be mocked up with
-// controllable output, so that we can test some of our
-// security code. The function itself will be tested in the
-// bootstrap testsuite.
-// --------------------------------------------------------------------
-
-if ( ! function_exists('remove_invisible_characters'))
-{
-	function remove_invisible_characters($str, $url_encoded = TRUE)
-	{
-		$non_displayables = array();
-
-		// every control character except newline (dec 10)
-		// carriage return (dec 13), and horizontal tab (dec 09)
-
-		if ($url_encoded)
-		{
-			$non_displayables[] = '/%0[0-8bcef]/';	// url encoded 00-08, 11, 12, 14, 15
-			$non_displayables[] = '/%1[0-9a-f]/';	// url encoded 16-31
-		}
-
-		$non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S';	// 00-08, 11, 12, 14-31, 127
-
-		do
-		{
-			$str = preg_replace($non_displayables, '', $str, -1, $count);
-		}
-		while ($count);
-
-		return $str;
-	}
-}
-
-
 // Clean up error messages
 // --------------------------------------------------------------------
 
@@ -150,23 +116,6 @@ if ( ! function_exists('_exception_handler'))
 
 // We assume a few things about our environment ...
 // --------------------------------------------------------------------
-
-if ( ! function_exists('is_php'))
-{
-	function is_php($version = '5.0.0')
-	{
-		return ! (version_compare(PHP_VERSION, $version) < 0);
-	}
-}
-
-if ( ! function_exists('is_really_writable'))
-{
-	function is_really_writable($file)
-	{
-		return is_writable($file);
-	}
-}
-
 if ( ! function_exists('is_loaded'))
 {
 	function &is_loaded()
diff --git a/tests/mocks/core/utf8.php b/tests/mocks/core/utf8.php
index 9dda43aec..30b78adfe 100644
--- a/tests/mocks/core/utf8.php
+++ b/tests/mocks/core/utf8.php
@@ -3,35 +3,14 @@
 class Mock_Core_Utf8 extends CI_Utf8 {
 
 	/**
-	 * We need to define several constants as
-	 * the same process within CI_Utf8 class constructor.
+	 * We need to define UTF8_ENABLED the same way that
+	 * CI_Utf8 constructor does.
 	 *
 	 * @covers CI_Utf8::__construct()
 	 */
 	public function __construct()
 	{
 		defined('UTF8_ENABLED') OR define('UTF8_ENABLED', TRUE);
-
-		if (extension_loaded('mbstring'))
-		{
-			defined('MB_ENABLED') OR define('MB_ENABLED', TRUE);
-			mb_internal_encoding('UTF-8');
-			ini_set('mbstring.substitute_character', 'none');
-		}
-		else
-		{
-			defined('MB_ENABLED') OR define('MB_ENABLED', FALSE);
-		}
-
-		if (extension_loaded('iconv'))
-		{
-			defined('ICONV_ENABLED') OR define('ICONV_ENABLED', TRUE);
-			iconv_set_encoding('internal_encoding', 'UTF-8');
-		}
-		else
-		{
-			defined('ICONV_ENABLED') OR define('ICONV_ENABLED', FALSE);
-		}
 	}
 
 	public function is_ascii_test($str)