diff --git a/Bugzilla.pm b/Bugzilla.pm
index 2ecba5c17..2995206be 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -303,7 +303,7 @@ sub init_page
         # Generate and return a message about the downtime, appropriately
         # for if we're a command-line script or a CGI script.
         my $extension;
-        if (i_am_cgi() && (!Bugzilla->cgi->param('ctype') || Bugzilla->cgi->param('ctype') eq 'html'))
+        if (i_am_cgi() && (!Bugzilla->input_params->{ctype} || Bugzilla->input_params->{ctype} eq 'html'))
         {
             $extension = 'html';
         }
@@ -491,13 +491,13 @@ sub input_params
     }
     return $cache->{input_params} if defined $cache->{input_params};
 
-    $cache->{input_params} = {};
     my $cgi = $class->cgi;
-    for ($cgi->param)
+    my $params = { %{$cgi->{param}} };
+    for (keys %$params)
     {
-        my @v = $cgi->param($_);
-        $cache->{input_params}->{$_} = @v <= 1 ? $v[0] : \@v;
+        ($params->{$_}) = @{$params->{$_}} if @{$params->{$_}} <= 1;
     }
+    $cache->{input_params} = $params;
     return $cache->{input_params};
 }
 
@@ -567,7 +567,7 @@ sub login
     return $class->user if $class->user->id;
 
     my $authorizer = new Bugzilla::Auth();
-    $type = LOGIN_REQUIRED if $class->cgi->param('GoAheadAndLogIn');
+    $type = LOGIN_REQUIRED if Bugzilla->input_params->{GoAheadAndLogIn};
 
     if (!defined $type || $type == LOGIN_NORMAL)
     {
@@ -591,7 +591,7 @@ sub login
     # 3: There must be a valid value in the 'sudo' cookie
     # 4: A Bugzilla::User object must exist for the given cookie value
     # 5: That user must NOT be in the 'bz_sudo_protect' group
-    my $token = $class->cgi->cookie('sudo');
+    my $token = $class->cookies->{sudo};
     if (defined $authenticated_user && $token)
     {
         my ($user_id, $date, $sudo_target_id) = Bugzilla::Token::GetTokenData($token);
@@ -675,6 +675,8 @@ sub logout_request
     my $class = shift;
     delete $class->request_cache->{user};
     delete $class->request_cache->{sudoer};
+    delete $class->cookies->{Bugzilla_login};
+    delete $class->cookies->{Bugzilla_logincokie};
     # We can't delete from $cgi->cookie, so logincookie data will remain
     # there. Don't rely on it: use Bugzilla->user->login instead!
 }
@@ -846,7 +848,7 @@ sub switch_to_main_db
 sub messages
 {
     my $class = shift;
-    my $lc = $class->cgi->cookie('LANG') || 'en';
+    my $lc = $class->cookies->{LANG} || 'en';
     $lc =~ s/\W+//so;
     if (!$INC{'Bugzilla::Language::'.$lc})
     {
diff --git a/Bugzilla/Attachment/PatchReader.pm b/Bugzilla/Attachment/PatchReader.pm
index 00e9a287e..c67157db4 100644
--- a/Bugzilla/Attachment/PatchReader.pm
+++ b/Bugzilla/Attachment/PatchReader.pm
@@ -257,26 +257,25 @@ sub setup_patch_readers {
 
 sub setup_template_patch_reader {
     my ($last_reader, $format, $context, $vars) = @_;
-    my $cgi = Bugzilla->cgi;
     my $template = Bugzilla->template;
 
     require PatchReader::DiffPrinter::template;
 
     # Define the vars for templates.
-    if (defined $cgi->param('headers')) {
-        $vars->{'headers'} = $cgi->param('headers');
+    if (defined Bugzilla->input_params->{headers}) {
+        $vars->{'headers'} = Bugzilla->input_params->{headers};
     }
     else {
         $vars->{'headers'} = 1;
     }
 
-    $vars->{'collapsed'} = $cgi->param('collapsed');
+    $vars->{'collapsed'} = Bugzilla->input_params->{collapsed};
     $vars->{'context'} = $context;
     $vars->{'do_context'} = Bugzilla->localconfig->{cvsbin} 
                             && Bugzilla->params->{'cvsroot_get'} && !$vars->{'newid'};
 
     # Print everything out.
-    $cgi->send_header(-type => 'text/html',
+    Bugzilla->cgi->send_header(-type => 'text/html',
                        -expires => '+3M');
 
     $last_reader->sends_data_to(new PatchReader::DiffPrinter::template($template,
diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm
index 8941261e0..146dd0b7a 100644
--- a/Bugzilla/Auth/Login/CGI.pm
+++ b/Bugzilla/Auth/Login/CGI.pm
@@ -55,16 +55,15 @@ sub get_login_info {
 
 sub fail_nodata {
     my ($self) = @_;
-    my $cgi = Bugzilla->cgi;
     my $template = Bugzilla->template;
 
     if (Bugzilla->usage_mode != USAGE_MODE_BROWSER) {
         ThrowUserError('login_required');
     }
 
-    my $format = $cgi->param('format') eq 'simple' ? '-simple' : '';
+    my $format = Bugzilla->input_params->{format} eq 'simple' ? '-simple' : '';
     $template->process("account/auth/login$format.html.tmpl",
-                       { 'target' => $cgi->url(-relative=>1) })
+                       { 'target' => Bugzilla->cgi->url(-relative=>1) })
         || ThrowTemplateError($template->error());
     exit;
 }
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 65915f99c..7bd5dd1df 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -36,8 +36,8 @@ sub get_login_info {
     my $dbh = Bugzilla->dbh;
 
     my $ip_addr = remote_ip();
-    my $login_cookie = $cgi->cookie("Bugzilla_logincookie");
-    my $user_id = $cgi->cookie("Bugzilla_login");
+    my $login_cookie = Bugzilla->cookies->{Bugzilla_logincookie};
+    my $user_id = Bugzilla->cookies->{Bugzilla_login};
 
     # If cookies cannot be found, this could mean that they haven't
     # been made available yet. In this case, look at Bugzilla_cookie_list.
diff --git a/Bugzilla/Auth/Login/FOF_Sudo.pm b/Bugzilla/Auth/Login/FOF_Sudo.pm
index fb5b6581e..288b42252 100644
--- a/Bugzilla/Auth/Login/FOF_Sudo.pm
+++ b/Bugzilla/Auth/Login/FOF_Sudo.pm
@@ -40,7 +40,7 @@ use constant requires_verification => 0;
 sub get_login_info {
     my ($self) = @_;
 
-    my $cookie = Bugzilla->cgi->cookie('fof_sudo_id');
+    my $cookie = Bugzilla->cookies->{fof_sudo_id};
     my $server = Bugzilla->params->{fof_sudo_server};
     return { failure => AUTH_NODATA } unless $cookie && $server;
 
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 232212075..65c058626 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -126,7 +126,7 @@ sub logout {
         $login_cookie = $cookie->value;
     }
     else {
-        $login_cookie = $cgi->cookie("Bugzilla_logincookie");
+        $login_cookie = Bugzilla->cookies->{Bugzilla_logincookie};
     }
     trick_taint($login_cookie);
 
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 8af452d1b..09f632f0f 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -942,9 +942,9 @@ sub check_dependent_fields
     my $verify_bug_groups = undef;
     if ($self->id && $self->{_old_self}->product_id != $self->product_id)
     {
-        # FIXME Do not call CGI from Bugzilla::Bug!
-        if (!Bugzilla->cgi->param('verify_bug_groups') &&
-            Bugzilla->cgi->param('id'))
+        # FIXME Do not use input_params from Bugzilla::Bug
+        if (!Bugzilla->input_params->{verify_bug_groups} &&
+            Bugzilla->input_params->{id})
         {
             # Display group verification message only for single bug changes
             # Get the ID of groups which are no longer valid in the new product.
@@ -1487,8 +1487,8 @@ sub save_added_comments
     delete $self->{comments} if @{$self->{added_comments} || []};
     foreach my $comment (@{$self->{added_comments} || []})
     {
-        # FIXME Don't talk to CGI from here
-        if (Bugzilla->cgi->param('commentsilent'))
+        # FIXME Do not use input_params from Bugzilla::Bug
+        if (Bugzilla->input_params->{commentsilent})
         {
             # Log silent comments
             SilentLog($self->id, $comment->{thetext});
@@ -1963,10 +1963,9 @@ sub _set_dup_id
     # not adding the user, as the safest option.
     elsif (Bugzilla->usage_mode == USAGE_MODE_BROWSER)
     {
-        # FIXME Don't talk to CGI from Bugzilla::Bug
+        # FIXME Do not use input_params from Bugzilla::Bug
         # If we've already confirmed whether the user should be added...
-        my $cgi = Bugzilla->cgi;
-        my $add_confirmed = $cgi->param('confirm_add_duplicate');
+        my $add_confirmed = Bugzilla->input_params->{confirm_add_duplicate};
         if (defined $add_confirmed)
         {
             $add_dup_cc = $add_confirmed;
@@ -1985,7 +1984,6 @@ sub _set_dup_id
             $vars->{cclist_accessible} = $dupe_of_bug->cclist_accessible;
             $vars->{original_bug_id} = $dupe_of;
             $vars->{duplicate_bug_id} = $self->id;
-            $cgi->send_header();
             $template->process("bug/process/confirm-duplicate.html.tmpl", $vars)
                 || ThrowTemplateError($template->error);
             exit;
diff --git a/Bugzilla/BugMail.pm b/Bugzilla/BugMail.pm
index 6fa465d30..ed3f76f2a 100644
--- a/Bugzilla/BugMail.pm
+++ b/Bugzilla/BugMail.pm
@@ -94,8 +94,8 @@ sub send_results
     elsif ($vars->{message} eq 'bugmail')
     {
         $vars->{sent_bugmail} = Send($vars->{bug_id}, $vars->{mailrecipients}, $vars->{commentsilent});
-        # FIXME Don't take commentsilent from cgi here
-        $vars->{commentsilent} = Bugzilla->cgi->param('commentsilent') ? 1 : 0;
+        # FIXME Do not use input_params from Bugzilla::BugMail
+        $vars->{commentsilent} = Bugzilla->input_params->{commentsilent} ? 1 : 0;
     }
     return $vars;
 }
diff --git a/Bugzilla/CheckerUtils.pm b/Bugzilla/CheckerUtils.pm
index 8cd05fb9f..0426f5062 100644
--- a/Bugzilla/CheckerUtils.pm
+++ b/Bugzilla/CheckerUtils.pm
@@ -95,7 +95,7 @@ sub alert
             push(@warn, $_);
         }
     }
-    my $force = 1 && Bugzilla->cgi->param('force_checkers');
+    my $force = 1 && Bugzilla->input_params->{force_checkers};
     if (!@fatal && (!@warn || $force))
     {
         # Either there are no errors or there are only non-fatal ones and the used clicked "DO WHAT I SAY"
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index 177a7a863..96abc0e30 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -1109,7 +1109,7 @@ sub notify
     }
 
     # FIXME move "silent" indication out of cgi.commentsilent
-    if (Bugzilla->cgi->param('commentsilent') &&
+    if (Bugzilla->input_params->{commentsilent} &&
         Bugzilla->user->settings->{silent_affects_flags}->{value} eq 'do_not_send')
     {
         # Your changes are marked as Silent. No mail is sent.
diff --git a/Bugzilla/Install/Util.pm b/Bugzilla/Install/Util.pm
index 3f23897de..37d89bfcb 100644
--- a/Bugzilla/Install/Util.pm
+++ b/Bugzilla/Install/Util.pm
@@ -175,7 +175,7 @@ sub include_languages {
         # Bugzilla:Util::i_am_cgi.
         if (exists $ENV{'SERVER_SOFTWARE'}) {
             my $cgi = Bugzilla->cgi;
-            if (defined (my $lang = $cgi->cookie('LANG'))) {
+            if (defined (my $lang = Bugzilla->cookies->{LANG})) {
                 unshift @wanted, $lang;
             }
         }
diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm
index 49e4e0145..d52cf9214 100644
--- a/Bugzilla/Mailer.pm
+++ b/Bugzilla/Mailer.pm
@@ -55,7 +55,7 @@ use Email::Sender::Simple;
 sub MessageToMTA {
     my ($msg, $send_now) = (@_);
     my $method = Bugzilla->params->{'mail_delivery_method'};
-    $method = 'Test' if Bugzilla->cgi->param('MailDeliveryTest');
+    $method = 'Test' if Bugzilla->input_params->{MailDeliveryTest};
     return if $method eq 'None';
 
     if (Bugzilla->params->{'use_mailer_queue'} and !$send_now) {
diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
index 0a4bf42ab..f64b02438 100644
--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -1118,7 +1118,7 @@ sub choose_product
     ThrowUserError('no_products') unless @$products;
     return $products->[0] if @$products == 1;
 
-    my $qp = { %$query_params };
+    my $qp = { %{ $query_params || Bugzilla->input_params } };
     delete $qp->{classification};
     $qp = http_build_query($qp);
     $qp .= '&' if length $qp;
diff --git a/Bugzilla/Search/Quicksearch.pm b/Bugzilla/Search/Quicksearch.pm
index 798ad17e6..2b6517fd7 100644
--- a/Bugzilla/Search/Quicksearch.pm
+++ b/Bugzilla/Search/Quicksearch.pm
@@ -221,7 +221,7 @@ sub quicksearch
     delete $ARGS->{$_} for ('quicksearch', 'load', 'run');
 
     my $order;
-    if ($order = Bugzilla->cgi->cookie('LASTORDER'))
+    if ($order = Bugzilla->cookies->{LASTORDER})
     {
         $order =~ s/relevance(\s*(a|de)sc)?,|,relevance(\s*(a|de)sc)?//iso;
         $order = "relevance DESC,$order";
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 02244ad6e..0a2ebe0b3 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -1047,15 +1047,6 @@ sub create {
             # FIXME find a better place for this function
             'use_keywords' => sub { return Bugzilla::Keyword->any_exist; },
 
-            'last_bug_list' => sub {
-                my @bug_list;
-                my $cgi = Bugzilla->cgi;
-                if ($cgi->cookie("BUGLIST")) {
-                    @bug_list = split(/:/, $cgi->cookie("BUGLIST"));
-                }
-                return \@bug_list;
-            },
-
             'feature_enabled' => sub { return Bugzilla->feature(@_); },
 
             'install_string' => \&Bugzilla::Install::Util::install_string,
@@ -1221,9 +1212,7 @@ Bugzilla::Template - Wrapper around the Template Toolkit C<Template> object
 =head1 SYNOPSIS
 
   my $template = Bugzilla::Template->create;
-  my $format = $template->get_format("foo/bar",
-                                     scalar($cgi->param('format')),
-                                     scalar($cgi->param('ctype')));
+  my $format = $template->get_format("foo/bar", $ARGS->{format}, $ARGS->{ctype});
 
 =head1 DESCRIPTION
 
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 19d81745b..9c643aec2 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -396,7 +396,6 @@ sub check_token_data {
         unless ($creator_id) {
             $token = issue_session_token($expected_action);
             Bugzilla->input_params->{token} = $token;
-            $cgi->param('token', $token);
         }
 
         $cgi->send_header();
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 08c520aec..b67be1684 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1288,7 +1288,6 @@ sub match_field
 {
     my $fields       = shift;   # arguments as a hash
     my $data         = shift || Bugzilla->input_params; # hash to look up fields in
-    my $cgi          = $data eq Bugzilla->input_params ? Bugzilla->cgi : undef;
     my $behavior     = shift || 0; # A constant that tells us how to act
     my $matches      = {};      # the values sent to the template
     my $matchsuccess = 1;       # did the match fail?
@@ -1348,7 +1347,6 @@ sub match_field
                         # has been deleted (may occur in race conditions).
                         delete $expanded_fields->{$field_name};
                         delete $data->{$field_name};
-                        $cgi->delete($field_name) if $cgi;
                     }
                 }
             }
@@ -1382,7 +1380,6 @@ sub match_field
             # We will repopulate it later if a match is found, else it must
             # be set to an empty string so that the field remains defined.
             $data->{$field} = '';
-            $cgi->param($field, '') if $cgi;
         }
         elsif ($fields->{$field}->{type} eq 'multi')
         {
@@ -1390,7 +1387,6 @@ sub match_field
             # We will repopulate it later if a match is found, else it must
             # be undefined.
             delete $data->{$field};
-            $cgi->delete($field) if $cgi;
         }
         else
         {
@@ -1465,12 +1461,10 @@ sub match_field
         if ($fields->{$field}->{type} eq 'single')
         {
             $data->{$field} = $logins[0] || '';
-            $cgi->param($field, $logins[0] || '') if $cgi;
         }
         elsif (scalar @logins)
         {
             $data->{$field} = \@logins;
-            $cgi->param($field, @logins) if $cgi;
         }
     }
     my $retval;
@@ -1494,7 +1488,7 @@ sub match_field
     }
 
     my $vars = {};
-    $vars->{script}        = $cgi->url(-relative => 1); # for self-referencing URLs
+    $vars->{script}        = Bugzilla->cgi->url(-relative => 1); # for self-referencing URLs
     $vars->{fields}        = $fields; # fields being matched
     $vars->{matches}       = $matches; # matches that were made
     $vars->{matchsuccess}  = $matchsuccess; # continue or fail
@@ -1814,8 +1808,7 @@ sub create
 sub read_new_functionality
 {
     my ($self) = @_;
-    my $cgi = Bugzilla->cgi;
-    my $time = $cgi->cookie('read_new_functionality');
+    my $time = Bugzilla->cookies->{read_new_functionality};
     $time = 0 unless $time;
     my @lu = map { $_ - 0} Bugzilla->params->{new_functionality_tsp} =~ m/(\d+)/g;
     my $last_updated = POSIX::mktime($lu[5], $lu[4], $lu[3], $lu[2], $lu[1] - 1, $lu[0] - 1900);
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm
index 74ef51b39..0a42bb160 100644
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -85,8 +85,7 @@ sub response {
             push(@header_args, "-$name", $value);
         }
     }
-    my $cgi = $self->cgi;
-    $cgi->send_header(-status => $response->code, @header_args);
+    Bugzilla->cgi->send_header(-status => $response->code, @header_args);
     print $response->content;
 }
 
@@ -100,14 +99,14 @@ sub response {
 # clients.
 sub retrieve_json_from_get {
     my $self = shift;
-    my $cgi = $self->cgi;
+    my $ARGS = Bugzilla->input_params;
 
     my %input;
 
     # Both version and id must be set before any errors are thrown.
-    if ($cgi->param('version')) {
-        $self->version(scalar $cgi->param('version'));
-        $input{version} = $cgi->param('version');
+    if ($ARGS->{version}) {
+        $self->version($ARGS->{version});
+        $input{version} = $ARGS->{version};
     }
     else {
         $self->version('1.0');
@@ -118,8 +117,8 @@ sub retrieve_json_from_get {
     # expect all clients to specify some id parameter just to get a response,
     # so we don't require it.
     my $id;
-    if (defined $cgi->param('id')) {
-        $id = $cgi->param('id');
+    if (defined $ARGS->{id}) {
+        $id = $ARGS->{id};
     }
     # However, JSON::RPC does require that an id exist in most cases, in
     # order to throw proper errors. We use the installation's urlbase as
@@ -133,22 +132,22 @@ sub retrieve_json_from_get {
 
     # _bz_callback can throw an error, so we have to set it here, after we're
     # ready to throw errors.
-    $self->_bz_callback(scalar $cgi->param('callback'));
+    $self->_bz_callback($ARGS->{callback});
 
-    if (!$cgi->param('method')) {
+    if (!$ARGS->{method}) {
         ThrowUserError('json_rpc_get_method_required');
     }
-    $input{method} = $cgi->param('method');
+    $input{method} = $ARGS->{method};
 
     my $params;
-    if (defined $cgi->param('params')) {
+    if (defined $ARGS->{params}) {
         local $@;
-        $params = eval { 
-            $self->json->decode(scalar $cgi->param('params')) 
+        $params = eval {
+            $self->json->decode($ARGS->{params})
         };
         if ($@) {
             ThrowUserError('json_rpc_invalid_params',
-                           { params => scalar $cgi->param('params'),
+                           { params => $ARGS->{params},
                              err_msg  => $@ });
         }
     }
diff --git a/buglist.cgi b/buglist.cgi
index a76e609f3..d77f07e87 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -214,9 +214,8 @@ my $params;
 # storing the query string so that it looks like a query retrieving those bugs.
 if (defined $ARGS->{regetlastlist})
 {
-    $cgi->cookie('BUGLIST') || ThrowUserError('missing_cookie');
+    my $bug_id = Bugzilla->cookies->{BUGLIST} || ThrowUserError('missing_cookie');
     $order = 'reuse last sort' unless $order;
-    my $bug_id = $cgi->cookie('BUGLIST');
     $bug_id =~ s/:/,/g;
     # set up the params for this new query
     $params = {
@@ -544,9 +543,9 @@ if (defined $params->{columnlist} && $params->{columnlist} ne 'all')
 {
     @displaycolumns = split(/[ ,]+/, $params->{columnlist});
 }
-elsif (defined $cgi->cookie('COLUMNLIST'))
+elsif (defined Bugzilla->cookies->{COLUMNLIST})
 {
-    @displaycolumns = split(/ /, $cgi->cookie('COLUMNLIST'));
+    @displaycolumns = split(/ /, Bugzilla->cookies->{COLUMNLIST});
 }
 else
 {
@@ -684,9 +683,8 @@ if ($superworktime && !grep($_ eq 'product_notimetracking', @displaycolumns))
 # the order is not defined or its value is "reuse last sort"
 if (!$order || $order =~ /^reuse/i)
 {
-    if ($cgi->cookie('LASTORDER'))
+    if ($order = Bugzilla->cookies->{LASTORDER})
     {
-        $order = $cgi->cookie('LASTORDER');
         # Cookies from early versions of Specific Search included this text,
         # which is now invalid.
         $order =~ s/ LIMIT 200//;
@@ -1110,7 +1108,7 @@ if (scalar(@bugowners) > 1 && Bugzilla->user->in_group('editbugs'))
 
 # Whether or not to split the column titles across two rows to make
 # the list more compact.
-$vars->{splitheader} = $cgi->cookie('SPLITHEADER') ? 1 : 0;
+$vars->{splitheader} = Bugzilla->cookies->{SPLITHEADER} ? 1 : 0;
 
 $vars->{quip} = GetQuip();
 $vars->{currenttime} = localtime(time());
diff --git a/process_bug.cgi b/process_bug.cgi
index 3e6d37a1a..f35f90678 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -279,9 +279,9 @@ if ($ARGS->{id})
     if ($action eq 'next_bug')
     {
         my @bug_list;
-        if ($cgi->cookie("BUGLIST")) # FIXME
+        if (Bugzilla->cookies->{BUGLIST}) # FIXME
         {
-            @bug_list = split /:/, $cgi->cookie("BUGLIST");
+            @bug_list = split /:/, Bugzilla->cookies->{BUGLIST};
         }
         my $cur = lsearch(\@bug_list, $ARGS->{id});
         if ($cur >= 0 && $cur < $#bug_list)
@@ -723,6 +723,7 @@ if (scalar(@bug_objects) == 1 && $action ne 'nothing' && Bugzilla->save_session_
 else
 {
     # End the response page.
+    $vars->{last_bug_list} = [ split /:/, Bugzilla->{cookies}->{BUGLIST} ];
     $template->process("global/header.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
     $template->process("bug/navigate.html.tmpl", $vars)
diff --git a/query.cgi b/query.cgi
index d40446198..01635afdc 100755
--- a/query.cgi
+++ b/query.cgi
@@ -56,15 +56,15 @@ my $userid = $user->id;
 if ($userid)
 {
     my @oldquerycookies;
-    foreach my $i ($cgi->cookie()) {
+    foreach my $i (keys %{Bugzilla->cookies}) {
         if ($i =~ /^QUERY_(.*)$/) {
-            push @oldquerycookies, [$1, $i, $cgi->cookie($i)];
+            push @oldquerycookies, [$1, $i, Bugzilla->cookies->{$i}];
         }
     }
-    if (defined $cgi->cookie('DEFAULTQUERY'))
+    if (defined Bugzilla->cookies->{DEFAULTQUERY})
     {
         push @oldquerycookies, [DEFAULT_QUERY_NAME, 'DEFAULTQUERY',
-                                $cgi->cookie('DEFAULTQUERY')];
+                                Bugzilla->cookies->{DEFAULTQUERY}];
     }
     if (@oldquerycookies)
     {
@@ -247,7 +247,7 @@ if ($userid)
 my $deforder;
 my @orders = ('Bug Number', 'Importance', 'Assignee', 'Last Changed', 'relevance');
 
-if ($cgi->cookie('LASTORDER'))
+if (Bugzilla->cookies->{LASTORDER})
 {
     $deforder = "Reuse same sort as last time";
     unshift(@orders, $deforder);
@@ -282,7 +282,7 @@ $vars->{columnlist} = $params->{columnlist};
 $vars->{default} = $default;
 
 # Set default page to "advanced" if none provided
-$vars->{query_format} = $params->{query_format} || $params->{format} || $cgi->cookie('DEFAULTFORMAT') || 'advanced';
+$vars->{query_format} = $params->{query_format} || $params->{format} || Bugzilla->cookies->{DEFAULTFORMAT} || 'advanced';
 if ($vars->{query_format} eq 'create-series')
 {
     require Bugzilla::Chart;
diff --git a/sanitycheck.pl b/sanitycheck.pl
index d9b03fc41..f1cec907e 100755
--- a/sanitycheck.pl
+++ b/sanitycheck.pl
@@ -44,25 +44,25 @@ $login || ThrowUserError('invalid_username');
 my $user = new Bugzilla::User({ name => $login })
     || ThrowUserError('invalid_username', { name => $login });
 
-my $cgi = Bugzilla->cgi;
+my $ARGS = Bugzilla->input_params;
 my $template = Bugzilla->template;
 
 # Authenticate using this user account.
 Bugzilla->set_user($user);
 
 # Pass this param to sanitycheck.cgi.
-$cgi->param('verbose', $verbose);
+$ARGS->{verbose} = $verbose;
 
 require 'sanitycheck.cgi';
 
 # Now it's time to send an email to the user if there is something to notify.
-if ($cgi->param('output'))
+if ($ARGS->{output})
 {
     my $message;
     my $vars = {};
     $vars->{addressee} = $user->email;
-    $vars->{output} = $cgi->param('output');
-    $vars->{error_found} = $cgi->param('error_found') ? 1 : 0;
+    $vars->{output} = $ARGS->{output};
+    $vars->{error_found} = $ARGS->{error_found} ? 1 : 0;
     $template->process('email/sanitycheck.txt.tmpl', $vars, \$message)
         || ThrowTemplateError($template->error());
     MessageToMTA($message);
diff --git a/show_bug.cgi b/show_bug.cgi
index b24dbcbc5..0aed5f707 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -111,6 +111,7 @@ else
 
 $vars->{bugs} = \@bugs;
 $vars->{marks} = \%marks;
+$vars->{last_bug_list} = [ split /:/, Bugzilla->cookies->{BUGLIST} ];
 
 my @bugids = map { $_->bug_id } grep { ref $_ } @bugs;
 $vars->{bugids} = join(', ', @bugids);