diff --git a/core/modules/user/lib/Drupal/user/AccountFormController.php b/core/modules/user/lib/Drupal/user/AccountFormController.php
index c00b982171fd1d5925898743c6f360408592edcd..709951a7b7393859785b69355e6e6aff0928e781 100644
--- a/core/modules/user/lib/Drupal/user/AccountFormController.php
+++ b/core/modules/user/lib/Drupal/user/AccountFormController.php
@@ -70,7 +70,8 @@ public function form(array $form, array &$form_state) {
 
       // To skip the current password field, the user must have logged in via a
       // one-time link and have the token in the URL.
-      $pass_reset = isset($_SESSION['pass_reset_' . $account->id()]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->id()]);
+      $pass_reset = isset($_SESSION['pass_reset_' . $account->id()]) && (\Drupal::request()->query->get('pass-reset-token') == $_SESSION['pass_reset_' . $account->id()]);
+
       $protected_values = array();
       $current_pass_description = '';
 
diff --git a/core/modules/user/user.pages.inc b/core/modules/user/user.pages.inc
index 04bd69c0fbbe3dfa0a85940756aa0dd1f0ecc2a0..33e259330d5c08820a40b89836bca86e8e699f2b 100644
--- a/core/modules/user/user.pages.inc
+++ b/core/modules/user/user.pages.inc
@@ -123,9 +123,10 @@ function template_preprocess_user(&$variables) {
  */
 function user_edit_cancel_submit($form, &$form_state) {
   $destination = array();
-  if (isset($_GET['destination'])) {
+  $query = Drupal::request()->query;
+  if ($query->has('destination')) {
     $destination = drupal_get_destination();
-    unset($_GET['destination']);
+    $query->remove('destination');
   }
   // Note: We redirect from user/uid/edit to user/uid/cancel to make the tabs disappear.
   $account = $form_state['controller']->getEntity();