diff --git a/lib/util/util.php b/lib/util/util.php
index 485bb977dd..bf90395778 100644
--- a/lib/util/util.php
+++ b/lib/util/util.php
@@ -1234,27 +1234,6 @@ function common_shorten_links($text, $always = false, User $user=null)
     }
 }
 
-/**
- * Very basic stripping of invalid UTF-8 input text.
- *
- * @param string $str
- * @return mixed string or null if invalid input
- *
- * @todo ideally we should drop bad chars, and maybe do some of the checks
- *       from common_xml_safe_str. But we can't strip newlines, etc.
- * @todo Unicode normalization might also be useful, but not needed now.
- */
-function common_validate_utf8($str)
-{
-    // preg_replace will return NULL on invalid UTF-8 input.
-    //
-    // Note: empty regex //u also caused NULL return on some
-    // production machines, but none of our test machines.
-    //
-    // This should be replaced with a more reliable check.
-    return preg_replace('/\x00/u', '', $str);
-}
-
 /**
  * Make sure an arbitrary string is safe for output in XML as a single line.
  *
@@ -2200,26 +2179,25 @@ function common_config_append($main, $sub, $value)
 
 /**
  * Pull arguments from a GET/POST/REQUEST array with first-level input checks:
- * strips "magic quotes" slashes if necessary, and kills invalid UTF-8 strings.
+ * strips "magic quotes" slashes if necessary,
+ * and replaces invalid in UTF-8 sequences with question marks.
  *
  * @param array $from
  * @return array
  */
-function common_copy_args($from)
+function common_copy_args(array $from): array
 {
-    $to = [];
     $strip = get_magic_quotes_gpc();
-    foreach ($from as $k => $v) {
+    return array_map(function ($v) use ($strip) {
         if (is_array($v)) {
-            $to[$k] = common_copy_args($v);
+            return common_copy_args($v);
         } else {
             if ($strip) {
                 $v = stripslashes($v);
             }
-            $to[$k] = strval(common_validate_utf8($v));
+            return mb_scrub($v);
         }
-    }
-    return $to;
+    }, $from);
 }
 
 /**
diff --git a/public/index.php b/public/index.php
index c9b5df30a7..8613cd8359 100644
--- a/public/index.php
+++ b/public/index.php
@@ -305,14 +305,16 @@ function main()
     // If the site is private, and they're not on one of the "public"
     // parts of the site, redirect to login
 
-    if (!$user && common_config('site', 'private')
+    if (
+        is_null($user)
+        && common_config('site', 'private')
         && !isLoginAction($action)
         && !preg_match('/rss$/', $action)
-        && $action != 'robotstxt'
-        && !preg_match('/^Api/', $action)) {
-
+        && $action !== 'robotstxt'
+        && !preg_match('/^Api/', $action)
+    ) {
         // set returnto
-        $rargs =& common_copy_args($args);
+        $rargs = common_copy_args($args);
         unset($rargs['action']);
         if (common_config('site', 'fancy')) {
             unset($rargs['p']);