diff --git a/core/includes/ajax.inc b/core/includes/ajax.inc index 8e024a8..a94f068 100644 --- a/core/includes/ajax.inc +++ b/core/includes/ajax.inc @@ -235,12 +235,14 @@ function ajax_render($commands = array()) { // during this request to be loaded by the page. We only want to send back // files that the page hasn't already loaded, so we implement simple diffing // logic using array_diff_key(). + $request = Drupal::request(); foreach (array('css', 'js') as $type) { // It is highly suspicious if $_POST['ajax_page_state'][$type] is empty, // since the base page ought to have at least one JS file and one CSS file // loaded. It probably indicates an error, and rather than making the page // reload all of the files, instead we return no new files. - if (empty($_POST['ajax_page_state'][$type])) { + $state = $request->request->get('ajax_page_state[' . $type . ']', FALSE, TRUE); + if ($state) { $items[$type] = array(); } else { @@ -259,7 +261,7 @@ function ajax_render($commands = array()) { } } // Ensure that the page doesn't reload what it already has. - $items[$type] = array_diff_key($items[$type], $_POST['ajax_page_state'][$type]); + $items[$type] = array_diff_key($items[$type], $state); } } @@ -317,7 +319,8 @@ function ajax_render($commands = array()) { function ajax_get_form() { $form_state = form_state_defaults(); - $form_build_id = $_POST['form_build_id']; + $request = Drupal::request(); + $form_build_id = $request->request->get('form_build_id'); // Get the form from the cache. $form = form_get_cache($form_build_id, $form_state); @@ -342,7 +345,7 @@ function ajax_get_form() { // The form needs to be processed; prepare for that by setting a few internal // variables. - $form_state['input'] = $_POST; + $form_state['input'] = $request->request->all(); $form_id = $form['#form_id']; return array($form, $form_state, $form_id, $form_build_id); 
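Review bot: In ajax_render() (core/includes/ajax.inc, hunk at -235) the new guard `if ($state) {` is the inverse of the `empty($_POST['ajax_page_state'][$type])` test it replaces. A request that carries page state now gets `$items[$type] = array()` and no new files, while a request without it reaches the else branch, where the hunk at -259 passes the `FALSE` default to `array_diff_key()`. The guard should read `if (empty($state) || !is_array($state)) {`; the `is_array()` part also covers a client that posts `ajax_page_state[css]` as a plain string. The rest of ajax_render() lies outside both hunks.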
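Review bot: `$request->request->get('form_build_id')` in ajax_get_form() returns NULL when the field is absent and an array when the field is posted as an array, and the value goes straight into `form_get_cache()`. A type check before the lookup, `if (!is_string($form_build_id)) {` followed by whatever rejection path the function already uses for a missing form (not visible in this hunk), would keep non-scalar input out of the cache lookup. The same unchecked-type pattern appears in `$theme`/`$token` in ajax_base_page_theme(), `$page` in pager_find_page() and theme_pager_link() (passed to `explode()`), `$order` in tablesort_get_order() and `$sort` in tablesort_get_sort() (passed to `strtolower()`). The superglobal code had the same gap, so this is not a regression, but the conversion is a natural place to close it.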
@@ -404,10 +407,10 @@ function ajax_form_callback() { * @see file_menu() */ function ajax_base_page_theme() { - if (!empty($_POST['ajax_page_state']['theme']) && !empty($_POST['ajax_page_state']['theme_token'])) { - $theme = $_POST['ajax_page_state']['theme']; - $token = $_POST['ajax_page_state']['theme_token']; - + $request = Drupal::request(); + $theme = $request->request->get('ajax_page_state[theme]', NULL, TRUE); + $token = $request->request->get('ajax_page_state[theme_token]', NULL, TRUE); + if (!empty($theme) && !empty($token)) { // Prevent a request forgery from giving a person access to a theme they // shouldn't be otherwise allowed to see. However, since everyone is allowed // to see the default theme, token validation isn't required for that, and diff --git a/core/includes/common.inc b/core/includes/common.inc index bffacfa..785d0c5 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -443,7 +443,7 @@ function drupal_get_feeds($delimiter = "\n") { function drupal_get_query_parameters(array $query = NULL, array $exclude = array(), $parent = '') { // Set defaults, if none given. if (!isset($query)) { - $query = $_GET; + $query = Drupal::request()->query->all(); } // If $exclude is empty, there is nothing to filter. if (empty($exclude)) { @@ -526,8 +526,9 @@ function drupal_get_destination() { return $destination; } - if (isset($_GET['destination'])) { - $destination = array('destination' => $_GET['destination']); + $destination_param = Drupal::request()->query->get('destination'); + if (isset($destination_param)) { + $destination = array('destination' => $destination_param); } else { $path = current_path(); 
@@ -4875,7 +4876,8 @@ function show(&$element) { * @see drupal_render_cache_set() */ function drupal_render_cache_get($elements) { - if (!in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) || !$cid = drupal_render_cid_create($elements)) { + $request = Drupal::request(); + if (!$request->isMethodSafe() || !$cid = drupal_render_cid_create($elements)) { return FALSE; } $bin = isset($elements['#cache']['bin']) ? $elements['#cache']['bin'] : 'cache'; @@ -4907,7 +4909,8 @@ function drupal_render_cache_get($elements) { */ function drupal_render_cache_set(&$markup, $elements) { // Create the cache ID for the element. - if (!in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) || !$cid = drupal_render_cid_create($elements)) { + $request = Drupal::request(); + if (!$request->isMethodSafe() || !$cid = drupal_render_cid_create($elements)) { return FALSE; } diff --git a/core/includes/errors.inc b/core/includes/errors.inc index 3fe23b7..f44162d 100644 --- a/core/includes/errors.inc +++ b/core/includes/errors.inc @@ -222,7 +222,8 @@ function _drupal_log_error($error, $fatal = FALSE) { } } - if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') { + $request = Drupal::request(); + if ($request->isXmlHttpRequest()) { if ($fatal) { if (error_displayable($error)) { // When called from JavaScript, simply output the error message. diff --git a/core/includes/form.inc b/core/includes/form.inc index 4689711..e967a95 100644 --- a/core/includes/form.inc +++ b/core/includes/form.inc 
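Review bot: `$request->isMethodSafe()` in drupal_render_cache_get() and drupal_render_cache_set() (core/includes/common.inc) is not guaranteed to be equivalent to the `in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD'))` test it replaces. It is built on Symfony's `getMethod()`, which for a POST request can report an overridden method taken from the `X-HTTP-Method-Override` header (or `_method` when parameter override is enabled), and later Symfony releases also count OPTIONS and TRACE as safe. If the intent is still to touch the render cache only on real GET/HEAD requests, `in_array($request->getRealMethod(), array('GET', 'HEAD'))` states that directly. Which Symfony version is bundled is not visible here, so this should be confirmed against it.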
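Review bot: _drupal_log_error() (core/includes/errors.inc) now depends on `Drupal::request()` inside the error-reporting path. If an error is logged before a request object is available (early bootstrap, or a failure in the container itself), this call may fail in turn and hide the original error; whether `Drupal::request()` can throw or return NULL at that point is not visible in this hunk. A guard that treats the request as non-AJAX when no request object is available, with a comment stating that the error handler must not assume a built container, would keep the handler robust.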
@@ -348,8 +348,9 @@ function drupal_build_form($form_id, &$form_state) { // Ensure some defaults; if already set they will not be overridden. $form_state += form_state_defaults(); + $request = Drupal::request(); if (!isset($form_state['input'])) { - $form_state['input'] = $form_state['method'] == 'get' ? $_GET : $_POST; + $form_state['input'] = $request->isMethod('GET')? $request->query->all() : $request->request->all(); } if (isset($_SESSION['batch_form_state'])) { diff --git a/core/includes/pager.inc b/core/includes/pager.inc index b073e3d..d7622e6 100644 --- a/core/includes/pager.inc +++ b/core/includes/pager.inc @@ -26,7 +26,8 @@ * @see pager_default_initialize() */ function pager_find_page($element = 0) { - $page = isset($_GET['page']) ? $_GET['page'] : ''; + $request = Drupal::request(); + $page = $request->query->get('page', ''); $page_array = explode(',', $page); if (!isset($page_array[$element])) { $page_array[$element] = 0; @@ -136,7 +137,8 @@ function pager_default_initialize($total, $limit, $element = 0) { function pager_get_query_parameters() { $query = &drupal_static(__FUNCTION__); if (!isset($query)) { - $query = drupal_get_query_parameters($_GET, array('page')); + $request = Drupal::request(); + $query = drupal_get_query_parameters($request->query->all(), array('page')); } return $query; } @@ -345,7 +347,8 @@ function theme_pager_link($variables) { $parameters = $variables['parameters']; $attributes = $variables['attributes']; - $page = isset($_GET['page']) ? $_GET['page'] : ''; + $request = Drupal::request(); + $page = $request->query->get('page', ''); if ($new_page = implode(',', pager_load_array($page_new[$element], $element, explode(',', $page)))) { $parameters['page'] = $new_page; } diff --git a/core/includes/tablesort.inc b/core/includes/tablesort.inc index c42b1f4..5d49de8 100644 --- a/core/includes/tablesort.inc +++ b/core/includes/tablesort.inc 
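Review bot: In drupal_build_form() (core/includes/form.inc) the input source is now chosen by the HTTP method of the request, `$request->isMethod('GET')`, where the old code chose it by the form's declared `$form_state['method']`. A form declared as POST that is built during a GET request would now take its input from the query string, and a GET form built during a POST request would read the POST body, which changes which client-controlled data reaches form processing. Keeping the form's own method as the selector preserves the old contract: `$form_state['input'] = $form_state['method'] == 'get' ? $request->query->all() : $request->request->all();`. The new line also lacks a space before `?`.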
@@ -100,7 +100,8 @@ function tablesort_cell($cell, $header, $ts, $i) { * page request except for those pertaining to table sorting. */ function tablesort_get_query_parameters() { - return drupal_get_query_parameters($_GET, array('sort', 'order')); + $request = Drupal::request(); + return drupal_get_query_parameters($request->query->all(), array('sort', 'order')); } /** @@ -115,7 +116,8 @@ function tablesort_get_query_parameters() { * - "sql": The name of the database field to sort on. */ function tablesort_get_order($headers) { - $order = isset($_GET['order']) ? $_GET['order'] : ''; + $request = Drupal::request(); + $order = $request->query->get('order', ''); foreach ($headers as $header) { if (is_array($header)) { if (isset($header['data']) && $order == $header['data']) { @@ -150,8 +152,9 @@ function tablesort_get_order($headers) { * The current sort direction ("asc" or "desc"). */ function tablesort_get_sort($headers) { - if (isset($_GET['sort'])) { - return (strtolower($_GET['sort']) == 'desc') ? 'desc' : 'asc'; + $sort = Drupal::request()->query->get('sort'); + if (isset($sort)) { + return (strtolower($sort) == 'desc') ? 'desc' : 'asc'; } // The user has not specified a sort. Use the default for the currently sorted // header if specified; otherwise use "asc".