Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php	(revision 15646)
+++ wp-includes/functions.php	(working copy)
@@ -217,47 +217,45 @@
 }
 
 /**
- * Check value to find if it was serialized.
+ * Check if value is serialized.
  *
  * If $data is not an string, then returned value will always be false.
  * Serialized data is always a string.
+ * 
+ * NOTICE: There can be no guarantee wether the data passed was not
+ * just a string even if this function returns true.
  *
  * @since 2.0.5
  *
  * @param mixed $data Value to check to see if was serialized.
- * @return bool False if not serialized and true if it was.
+ * @return bool False if not serialized and true if.
  */
 function is_serialized( $data ) {
-	// if it isn't a string, it isn't serialized
 	if ( !is_string( $data ) )
 		return false;
 	$data = trim( $data );
  	if ( 'N;' == $data )
-		return true;
-	if ( function_exists('strpbrk') ) {
-		if ( strlen($data) > 1 && strpbrk($data,'adObis') == $data && $data[1] == ':' ) {
-			$badions = array();
-			$badions[1] = $data[0];
-		} else {
-			return false;
-		}
-	} elseif ( !preg_match( '/^([adObis]):/', $data, $badions ) ) {
+		return true; # NULL; fixed length: 2
+	if ( strlen( $data ) < 4 )
 		return false;
+	if ( ':' !== $data[1] )
+		return false;
+	$type = $data[0];
+	if ( false === strpos('abdiOs', $type ) )
+		return false;
+
+	switch ( $type ) {
+		case 'a' : # array; min length: 6
+			return (bool) preg_match( '/^a:[0-9]+:{.*}$/s', $data );
+		case 'b' : # bool; min length: 4
+		case 'd' : # double; min length: 4
+		case 'i' : # integer; min length: 4
+			return (bool) preg_match( "/^{$type}:[0-9.E+-]+;\$/", $data );
+		case 'O' : # object; min length 12
+			return (bool) preg_match( '/^O:[0-9]+:"[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*":[0-9]+:{.*}$/s', $data );
+		case 's' : # string; min length 7
+			return (bool) preg_match( '/^s:[0-9]+:".*";$/s', $data );
 	}
-	switch ( $badions[1] ) {
-		case 'a' :
-		case 'O' :
-		case 's' :
-			if ( preg_match( "/^{$badions[1]}:[0-9]+:.*[;}]\$/s", $data ) )
-				return true;
-			break;
-		case 'b' :
-		case 'i' :
-		case 'd' :
-			if ( preg_match( "/^{$badions[1]}:[0-9.E-]+;\$/", $data ) )
-				return true;
-			break;
-	}
 	return false;
 }