diff --git a/admin/admin_user_search.php b/admin/admin_user_search.php index b8ef65f8b..1d8029885 100644 --- a/admin/admin_user_search.php +++ b/admin/admin_user_search.php @@ -271,7 +271,7 @@ if (!isset($_REQUEST['dosearch'])) { $username = preg_replace('/\*/', '%', trim(strip_tags(strtolower($username)))); - if (strstr($username, '%')) { + if (false !== strpos($username, '%')) { $op = 'LIKE'; } else { $op = '='; @@ -292,7 +292,7 @@ if (!isset($_REQUEST['dosearch'])) { $email = preg_replace('/\*/', '%', trim(strip_tags(strtolower($email)))); - if (strstr($email, '%')) { + if (false !== strpos($email, '%')) { $op = 'LIKE'; } else { $op = '='; @@ -577,7 +577,7 @@ if (!isset($_REQUEST['dosearch'])) { break; case 'equals': // looking for a - - if (strstr($postcount_value, '-')) { + if (false !== strpos($postcount_value, '-')) { $range = preg_split('/[-\s]+/', $postcount_value); $range_begin = (int)$range[0]; @@ -624,7 +624,7 @@ if (!isset($_REQUEST['dosearch'])) { $userfield_value = preg_replace('/\*/', '%', trim(strip_tags(strtolower($userfield_value)))); - if (strstr($userfield_value, '%')) { + if (false !== strpos($userfield_value, '%')) { $op = 'LIKE'; } else { $op = '='; diff --git a/dl.php b/dl.php index f2721aaf2..94ced0caa 100644 --- a/dl.php +++ b/dl.php @@ -54,7 +54,7 @@ function send_file_to_browser($attachment, $upload_dir) // Correct the mime type - we force application/octet-stream for all files, except images // Please do not change this, it is a security precaution - if (!strstr($attachment['mimetype'], 'image')) { + if (false === strpos($attachment['mimetype'], 'image')) { $attachment['mimetype'] = 'application/octet-stream'; } diff --git a/library/attach_mod/includes/functions_attach.php b/library/attach_mod/includes/functions_attach.php index 891780b9a..1fb8a9033 100644 --- a/library/attach_mod/includes/functions_attach.php +++ b/library/attach_mod/includes/functions_attach.php 
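Review bot: The value that decides between `LIKE` and `=` in the username, email and userfield hunks of admin/admin_user_search.php has only passed through `strtolower`, `strip_tags`, `trim` and the `*`-to-`%` replacement, none of which is SQL escaping. The statement that consumes `$op` and the value lies outside these hunks, so confirm that it escapes or binds the value before it reaches the query. The same `if`/`else` appears in all three places and reads more clearly as one expression, e.g. `$op = (false !== strpos($username, '%')) ? 'LIKE' : '=';`.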
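Review bot: The `image` test in send_file_to_browser (dl.php) matches that substring anywhere in `$attachment['mimetype']`, so any stored type that merely contains the word keeps its own Content-Type. That includes `image/svg+xml`, which browsers treat as active content. Since the comment describes this as a security precaution, an exact allowlist of the raster types the board accepts is safer, e.g. `if (!in_array($attachment['mimetype'], ['image/gif', 'image/jpeg', 'image/png'], true)) {`. Where the mimetype is recorded is not visible here; if it is taken from the uploader's request it should not drive this decision on its own. The function body continues outside the hunk.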
@@ -410,7 +410,7 @@ function attachment_sync_topic($topics) */ function get_extension($filename) { - if (!stristr($filename, '.')) { + if (false === stripos($filename, '.')) { return ''; } $extension = strrchr(strtolower($filename), '.'); diff --git a/library/attach_mod/includes/functions_delete.php b/library/attach_mod/includes/functions_delete.php index 20affee97..3e0badfa4 100644 --- a/library/attach_mod/includes/functions_delete.php +++ b/library/attach_mod/includes/functions_delete.php @@ -41,7 +41,7 @@ function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, $post_id_array = array(); if (!is_array($attach_id_array)) { - if (strstr($attach_id_array, ', ')) { + if (false !== strpos($attach_id_array, ', ')) { $attach_id_array = explode(', ', $attach_id_array); } elseif (strstr($attach_id_array, ',')) { $attach_id_array = explode(',', $attach_id_array); @@ -82,7 +82,7 @@ function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, return; } - if (strstr($post_id_array, ', ')) { + if (false !== strpos($post_id_array, ', ')) { $post_id_array = explode(', ', $post_id_array); } elseif (strstr($post_id_array, ',')) { $post_id_array = explode(',', $post_id_array); @@ -127,7 +127,7 @@ function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, } if (!is_array($attach_id_array)) { - if (strstr($attach_id_array, ', ')) { + if (false !== strpos($attach_id_array, ', ')) { $attach_id_array = explode(', ', $attach_id_array); } elseif (strstr($attach_id_array, ',')) { $attach_id_array = explode(',', $attach_id_array); diff --git a/library/includes/functions.php b/library/includes/functions.php index f2749fe04..67b0c6cbd 100644 --- a/library/includes/functions.php +++ b/library/includes/functions.php 
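Review bot: In get_extension (functions_attach.php) the new guard uses `stripos`, but a case-insensitive search for `.` behaves the same as a case-sensitive one and only adds case folding. `if (false === strpos($filename, '.')) {` matches the form used in the rest of this commit. The function body continues past the end of the hunk.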
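Review bot: In delete_attachment (functions_delete.php) the `elseif (strstr($attach_id_array, ','))` directly below the changed `if` still relies on `strstr` truthiness. The same holds for the `$post_id_array` hunk and the second `$attach_id_array` hunk, so each pair of branches now mixes two styles. Either convert them as well, `} elseif (false !== strpos($attach_id_array, ',')) {`, or drop the two-branch split. If later code does not already cast the ids, `$attach_id_array = array_map('intval', explode(',', $attach_id_array));` handles both separators and guarantees integers. The function starts and ends outside all three hunks.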
@@ -1741,7 +1741,7 @@ function redirect($url) trigger_error("Headers already sent in $filename($linenum)", E_USER_ERROR); } - if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r") || strstr(urldecode($url), ';url')) { + if (false !== strpos(urldecode($url), "\n") || false !== strpos(urldecode($url), "\r") || false !== strpos(urldecode($url), ';url')) { bb_die('Tried to redirect to potentially insecure url'); } diff --git a/library/includes/init_bb.php b/library/includes/init_bb.php index e04f2276a..d7cbe3925 100644 --- a/library/includes/init_bb.php +++ b/library/includes/init_bb.php @@ -378,7 +378,7 @@ define('SELECT', 6); if (!empty($banned_user_agents)) { foreach ($banned_user_agents as $agent) { - if (strstr(USER_AGENT, $agent)) { + if (false !== strpos(USER_AGENT, $agent)) { $filename = 'Download files by using browser'; $output = '@'; header('Content-Type: text/plain'); diff --git a/library/includes/template.php b/library/includes/template.php index 3e4fe5e0d..44e5f8655 100644 --- a/library/includes/template.php +++ b/library/includes/template.php @@ -393,7 +393,7 @@ class template */ public function assign_block_vars($blockname, $vararray): bool { - if (strstr($blockname, '.')) { + if (false !== strpos($blockname, '.')) { // Nested block. $blocks = explode('.', $blockname); $blockcount = count($blocks) - 1; diff --git a/login.php b/login.php index 34eecacc6..63950cd4d 100644 --- a/login.php +++ b/login.php @@ -48,7 +48,7 @@ $login_errors = array(); if (preg_match('/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si', $_SERVER['QUERY_STRING'], $matches)) { $redirect_url = $matches[1]; - if (!strstr($redirect_url, '?') && $first_amp = strpos($redirect_url, '&')) { + if (false === strpos($redirect_url, '?') && $first_amp = strpos($redirect_url, '&')) { $redirect_url[$first_amp] = '?'; } } elseif (!empty($_POST['redirect'])) { 
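Review bot: The `;url` test in redirect() (library/includes/functions.php) is case-sensitive, so a differently cased `;URL` is not rejected. The condition also calls `urldecode($url)` three times. Decoding once and matching case-insensitively is shorter and stricter: `$decoded = urldecode($url);` followed by `if (preg_match('/[\r\n]|;url/i', $decoded)) {`. The second hunk of login.php carries the same three-part condition on `$redirect_url` and needs the same treatment. The function body continues outside the hunk.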
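Review bot: In the `$banned_user_agents` loop of library/includes/init_bb.php, an empty string in the list makes `strpos(USER_AGENT, $agent)` return `0` on PHP 8, so `false !== 0` would ban every client. Guarding the entry avoids that: `if ($agent !== '' && false !== strpos(USER_AGENT, $agent)) {`. The match is also case-sensitive; unless `USER_AGENT` is normalised where it is defined (not visible here), `stripos` would be the more robust choice. The loop body continues outside the hunk.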
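Review bot: In the first login.php hunk, the second half of the condition, `$first_amp = strpos($redirect_url, '&')`, is still a truthiness test, so an `&` at offset 0 is read as "not found". The preceding regex allows `&` as the first character, so that case is reachable. Make both halves strict: `if (false === strpos($redirect_url, '?') && false !== ($first_amp = strpos($redirect_url, '&'))) {`.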
@@ -60,7 +60,7 @@ if (preg_match('/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si', $_SERVER['QUERY_STRING $redirect_url = str_replace('&admin=1', '', $redirect_url); $redirect_url = str_replace('?admin=1', '', $redirect_url); -if (!$redirect_url || strstr(urldecode($redirect_url), "\n") || strstr(urldecode($redirect_url), "\r") || strstr(urldecode($redirect_url), ';url')) { +if (!$redirect_url || false !== strpos(urldecode($redirect_url), "\n") || false !== strpos(urldecode($redirect_url), "\r") || false !== strpos(urldecode($redirect_url), ';url')) { $redirect_url = "index.php"; }
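Review bot: Nothing in the visible lines of the second login.php hunk limits `$redirect_url` to a path on this site; the condition rejects only an empty value, CR, LF and `;url`. The query-string branch is constrained by its regex, but the body of the `$_POST['redirect']` branch is outside the hunk. If that branch does not validate the value, add a host check to the fallback condition, for example `|| null !== parse_url($redirect_url, PHP_URL_HOST)`, so that anything carrying a host falls back to `index.php`.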