diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index d1bcedfa71f..e3f88ea2380 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -864,7 +864,7 @@ function check_plain($text) {
   // @todo remove this when support for either IE6 or PHP < 5.2.5 is dropped.
 
   if ($php525) {
-    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
+    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
   }
   return (preg_match('/^./us', $text) == 1) ? htmlspecialchars($text, ENT_QUOTES, 'UTF-8') : '';
 }
@@ -899,7 +899,7 @@ function check_plain($text) {
  *   TRUE if the text is valid UTF-8, FALSE if not.
  */
 function drupal_validate_utf8($text) {
-  if (strlen($text) == 0) {
+  if (strlen((string) $text) == 0) {
     return TRUE;
   }
   // For performance reasons this logic is duplicated in check_plain().
diff --git a/includes/file.inc b/includes/file.inc
index 32371f4fb53..9b08e4958a9 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -201,6 +201,10 @@ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
 <IfModule mod_php7.c>
   php_flag engine off
 </IfModule>
+# From PHP 8 there is no number in the module name.
+<IfModule mod_php.c>
+  php_flag engine off
+</IfModule>
 # PHP 4, Apache 1.
 <IfModule mod_php4.c>
   php_flag engine off
diff --git a/includes/locale.inc b/includes/locale.inc
index 44166a1a80a..5680408da63 100644
--- a/includes/locale.inc
+++ b/includes/locale.inc
@@ -1734,7 +1734,7 @@ function _locale_parse_js_file($filepath) {
       if ($source = db_fetch_object($result)) {
         // We already have this source string and now have to add the location
         // to the location column, if this file is not yet present in there.
-        $locations = preg_split('~\s*;\s*~', $source->location);
+        $locations = preg_split('~\s*;\s*~', (string) $source->location);
 
         if (!in_array($filepath, $locations)) {
           $locations[] = $filepath;
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index bc48d798eed..ce142c2595c 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -998,7 +998,7 @@ function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite',
   // Store the input format
   _filter_xss_split($allowed_tags, TRUE);
   // Remove NUL characters (ignored by some browsers)
-  $string = str_replace(chr(0), '', $string);
+  $string = str_replace(chr(0), '', (string) $string);
   // Remove Netscape 4 JS entities
   $string = preg_replace('%&\s*\{[^}]*(\}\s*;?|$)%', '', $string);
 
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index 315390cf21b..23ccb3d9a60 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -1744,6 +1744,10 @@ function system_status($check = FALSE) {
  * Menu callback: run cron manually.
  */
 function system_run_cron() {
+  if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'run-cron')) {
+    return MENU_ACCESS_DENIED;
+  }
+
   // Run cron manually
   if (drupal_cron_run()) {
     drupal_set_message(t('Cron ran successfully.'));
diff --git a/modules/system/system.install b/modules/system/system.install
index 9a4be939603..3d4152ae5ec 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -197,7 +197,7 @@ function system_requirements($phase) {
       'title' => $t('Cron maintenance tasks'),
       'severity' => $severity,
       'value' => $summary,
-      'description' => $description .' '. $t('You can <a href="@cron">run cron manually</a>.', array('@cron' => url('admin/reports/status/run-cron'))),
+      'description' => $description .' '. $t('You can <a href="@cron">run cron manually</a>.', array('@cron' => url('admin/reports/status/run-cron', array('query' => array('token' => drupal_get_token('run-cron')))))),
     );
   }
 
diff --git a/modules/update/update.module b/modules/update/update.module
index 7c622b39f7e..d27de8eddb8 100644
--- a/modules/update/update.module
+++ b/modules/update/update.module
@@ -322,8 +322,9 @@ function update_form_alter(&$form, $form_state, $form_id) {
  */
 function _update_no_data() {
   $destination = drupal_get_destination();
+  $cron_token = array('token' => drupal_get_token('run-cron'));
   return t('No information is available about potential new releases for currently installed modules and themes. To check for updates, you may need to <a href="@run_cron">run cron</a> or you can <a href="@check_manually">check manually</a>. Please note that checking for available updates can take a long time, so please be patient.', array(
-    '@run_cron' => url('admin/reports/status/run-cron', array('query' => $destination)),
+    '@run_cron' => url('admin/reports/status/run-cron', array('query' => $cron_token + $destination)),
     '@check_manually' => url('admin/reports/updates/check', array('query' => $destination)),
   ));
 }