Do you really understand what each of these functions does?
Go look up show_source in the PHP manual. Tell me, what do you think disabling it, but not disabling highlight_file will get you? What does disabling either of these to prevent the functionally identical highlight_string(file_get_contents(...))? And how in the blue blazes is this functionality supposed to be used in some sort of exploit?
What does disabling curl get you? There's nothing that it does that can't be done through the built in stream handlers. Why don't you try and disable those as well?
Why disable exec but not create_function? assert can also be used to evaluate string as code.
This smells like some PHP4-era copy/paste cargo cult crap that should be avoided, not recommended.
I don't understand why you would include curl in your listing? There are plenty of legitimate uses for it, for example as part of my work I recently used it on a data processing server to trigger post creation of Wordpress posts via the xmlrpc server which is built in to Wordpress.
Go look up show_source in the PHP manual. Tell me, what do you think disabling it, but not disabling highlight_file will get you? What does disabling either of these to prevent the functionally identical highlight_string(file_get_contents(...))? And how in the blue blazes is this functionality supposed to be used in some sort of exploit?
What does disabling curl get you? There's nothing that it does that can't be done through the built in stream handlers. Why don't you try and disable those as well?
Why disable exec but not create_function? assert can also be used to evaluate string as code.
This smells like some PHP4-era copy/paste cargo cult crap that should be avoided, not recommended.