diff --git a/tests/ControllerTest.php b/tests/ControllerTest.php index 313e0fd04..3333c67d4 100755 --- a/tests/ControllerTest.php +++ b/tests/ControllerTest.php @@ -111,6 +111,7 @@ class ControllerTest extends FunctionalTest { $controller = new ControllerTest_HasAction(); $this->assertFalse($controller->hasAction('1'), 'Numeric actions do not slip through.'); + $this->assertFalse($controller->hasAction('lowercase_permission'), 'Lowercase permission does not slip through.'); $this->assertFalse($controller->hasAction('undefined'), 'undefined actions do not exist'); $this->assertTrue($controller->hasAction('allowed_action'), 'allowed actions are recognised'); $this->assertTrue($controller->hasAction('template_action'), 'action-specific templates are recognised'); @@ -189,7 +190,8 @@ class ControllerTest_UnsecuredController extends ControllerTest_SecuredControlle class ControllerTest_HasAction extends Controller { public static $allowed_actions = array ( - 'allowed_action' + 'allowed_action', + 'other_action' => 'lowercase_permission' ); protected $templates = array ( diff --git a/tests/security/SecurityTest.php b/tests/security/SecurityTest.php index ccb14bfb3..66f5d89f0 100644 --- a/tests/security/SecurityTest.php +++ b/tests/security/SecurityTest.php 
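Review bot: The assertion added to testHasAction covers only the negative case: a permission code placed as a value in `$allowed_actions` must not itself be treated as an action name, but nothing checks that `other_action`, the key that value belongs to, is still recognised, so a hasAction() change that stopped matching values altogether would pass unnoticed. Adding `$this->assertTrue($controller->hasAction('other_action'), 'Actions mapped to a permission code are recognised');` beside the new line would pin both sides of the behaviour. The hasAction() implementation this exercises is not part of this diff, and both testHasAction and the ControllerTest_HasAction class extend beyond these hunks.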
@@ -115,6 +115,14 @@ class SecurityTest extends FunctionalTest {
 		$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $response->getHeader('Location'),
 			"Redirection to external links in login form BackURL gets prevented as a measure against spoofing attacks"
 		);
+
+		// Test external redirection on ChangePasswordForm
+		$this->get('Security/changepassword?BackURL=http://myspoofedhost.com');
+		$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
+		$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $changedResponse->getHeader('Location'),
+			"Redirection to external links in change password form BackURL gets prevented as a measure against spoofing attacks"
+		);
+
 		// Log the user out
 		$this->session()->inst_set('loggedInAs', null);
 	}
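Review bot: The new assertNotRegExp only shows that the Location header does not begin with the literal `http://myspoofedhost.com`; it would pass just as well if the response redirected to an `https://` or protocol-relative form of the same host, or to no sensible location at all, so it does not pin where the change-password redirect actually lands. Pairing it with a positive check such as `$this->assertStringStartsWith(Director::baseURL(), $changedResponse->getHeader('Location'));` would tie the test to the intended behaviour, in line with the `Director::baseURL() . 'test/back'` comparison used in testChangePassword. Note that this submission really rotates the member's password to `changedPassword` before the logout that follows, which any later step in this method that logs in again with the original password would have to account for; the enclosing test method begins outside the hunk.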
@@ -140,8 +148,31 @@ class SecurityTest extends FunctionalTest {
 		$this->assertEquals(302, $expiredResponse->getStatusCode());
 		$this->assertEquals(Director::baseURL() . 'Security/changepassword', $expiredResponse->getHeader('Location'));
 		$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'), $this->session()->inst_get('loggedInAs'));
+
+		// Make sure it redirects correctly after the password has been changed
+		$this->mainSession->followRedirection();
+		$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
+		$this->assertEquals(302, $changedResponse->getStatusCode());
+		$this->assertEquals(Director::baseURL() . 'test/link', $changedResponse->getHeader('Location'));
 	}
 
+	function testChangePassword() {
+		$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');
+
+		// Change the password
+		$this->get('Security/changepassword?BackURL=test/back');
+		$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
+		$this->assertEquals(302, $changedResponse->getStatusCode());
+		$this->assertEquals(Director::baseURL() . 'test/back', $changedResponse->getHeader('Location'));
+		$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
+
+		// Check if we can login with the new password
+		$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'changedPassword');
+		$this->assertEquals(302, $goodResponse->getStatusCode());
+		$this->assertEquals(Director::baseURL() . 'test/link', $goodResponse->getHeader('Location'));
+		$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
+	}
+
 	function testRepeatedLoginAttemptsLockingPeopleOut() {
 		Member::lock_out_after_incorrect_logins(5);
 
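Review bot: testChangePassword verifies that the new password logs in but never checks that the old one has stopped working, which is the other half of a password change; after the final assertions, `$this->session()->inst_set('loggedInAs', null);`, then `$this->doTestLoginForm('sam@silverstripe.com', '1nitialPassword');`, followed by `$this->assertNull($this->session()->inst_get('loggedInAs'), 'Old password no longer logs in');` would close that gap. The first `$goodResponse` assignment is never read before it is overwritten, so either assert on it or drop the assignment, and the space before the comma in `'sam@silverstripe.com' , '1nitialPassword'` should go. The first added block sits in a test method that starts outside the hunk, and its new followRedirection() call presumably relies on mainSession state established earlier in that method.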
@@ -300,6 +331,22 @@ class SecurityTest extends FunctionalTest {
 		);
 	}
 
+	/**
+	 * Helper method to execute a change password form
+	 */
+	function doTestChangepasswordForm($oldPassword, $newPassword) {
+		return $this->submitForm(
+			"ChangePasswordForm_ChangePasswordForm",
+			null,
+			array(
+				'OldPassword' => $oldPassword,
+				'NewPassword1' => $newPassword,
+				'NewPassword2' => $newPassword,
+				'action_doChangePassword' => 1,
+			)
+		);
+	}
+
 	/**
 	 * Get the error message on the login form
 	 */
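Review bot: doTestChangepasswordForm has no parameter or return documentation even though the security assertions in the other hunks depend on what it submits; the docblock should carry `@param string $oldPassword the member's current password`, `@param string $newPassword the replacement, sent as both NewPassword1 and NewPassword2`, and an `@return` line naming whatever submitForm() hands back. It is also worth stating that every caller in this diff first navigates to Security/changepassword (via get() or followRedirection()) before calling this helper, so a reader knows the form is expected to be on the current page rather than fetched here. The double-quoted `"ChangePasswordForm_ChangePasswordForm"` contains no interpolation and could use single quotes like the surrounding keys.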