diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index da33a88f2a836d07f3f7747aa05f090800d24730..3a661aca4fa48ef2811b4e7b0489b72ca00ebd04 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -815,14 +815,8 @@ function check_plain($text) {
  * is outside of a tag, and thus deemed safe by a filter, can be interpreted
  * by the browser as if it were inside the tag.
  *
- * This function exploits preg_match behaviour (since PHP 4.3.5) when used
- * with the u modifier, as a fast way to find invalid UTF-8. When the matched
- * string contains an invalid byte sequence, it will fail silently.
- *
- * preg_match may not fail on 4 and 5 octet sequences, even though they
- * are not supported by the specification.
- *
- * The specific preg_match behaviour is present since PHP 4.3.5.
+ * The function does not return FALSE for strings containing character codes
+ * above U+10FFFF, even though these are prohibited by RFC 3629.
  *
  * @param $text
  *   The text to check.
@@ -833,6 +827,9 @@ function drupal_validate_utf8($text) {
   if (strlen($text) == 0) {
     return TRUE;
   }
+  // With the PCRE_UTF8 modifier 'u', preg_match() fails silently on strings
+  // containing invalid UTF-8 byte sequences. It does not reject character
+  // codes above U+10FFFF (represented by 4 or more octets), though.
   return (preg_match('/^./us', $text) == 1);
 }
 
diff --git a/includes/common.inc b/includes/common.inc
index b032b893da47058ee325e56238de7b08efc99eef..163bed0af873dda024964d03cb38628c5a04817f 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -451,7 +451,7 @@ function drupal_http_request($url, $headers = array(), $method = 'GET', $data =
       $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
       break;
     case 'https':
-      // Note: Only works for PHP 4.3 compiled with OpenSSL.
+      // Note: Only works when PHP is compiled with OpenSSL support.
       $port = isset($uri['port']) ? $uri['port'] : 443;
       $host = $uri['host'] . ($port != 443 ? ':' . $port : '');
       $fp = @fsockopen('ssl://' . $uri['host'], $port, $errno, $errstr, 20);
diff --git a/includes/database/database.inc b/includes/database/database.inc
index bb53386316ec47b090ee879f30ff7690f94291d0..2a4fab9c30ab4b80759e925d61f9f010a5973dbc 100644
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -2211,12 +2211,8 @@ function db_rewrite_sql($query, $primary_table = 'n', $primary_field = 'nid',  $
       $n = strlen($matches[1]);
       $second_part = substr($query, $n);
       $first_part = substr($matches[1], 0, $n - 5) ." $join WHERE $where AND ( ";
-      // PHP 4 does not support strrpos for strings. We emulate it.
-      $haystack_reverse = strrev($second_part);
-      // No need to use strrev on the needle, we supply GROUP, ORDER, LIMIT
-      // reversed.
-      foreach (array('PUORG', 'REDRO', 'TIMIL') as $needle_reverse) {
-        $pos = strpos($haystack_reverse, $needle_reverse);
+      foreach (array('GROUP', 'ORDER', 'LIMIT') as $needle) {
+        $pos = strrpos($second_part, $needle);
         if ($pos !== FALSE) {
           // All needles are five characters long.
           $pos += 5;