A PHP Function Called Stream_Wrapper_Unregister Disables a Previously Registered URL Wrapper
A php function called stream_wrapper_unregister disables a previously registered URL wrapper. The function can be overridden with a user defined wrapper using the function stream_wrapper_register() or re-enabled later on with the function stream_wrapper_restore().
A stream is a resource object that exhibits streaming behavior; it can be read from or written to in a linear fashion and may be fseek() to arbitrary positions within the stream. Streams are built into PHP by default (see Appendix M). Additional, custom wrappers may be registered within a script using stream_wrapper_register() or via extensions. Wrappers are augmented by contexts which contain various parameters and options which modify the flow of the stream. Contexts are passed to most filesystem related stream creation functions (i.e. fopen(), file(), and file_get_contents()).
In addition to the basic functionality provided by the Zend engine, PHP has 3 main types of function: internal functions which are provided by PHP and installed extensions, user-defined functions which are created in the running script and anonymous functions also known as closures which are executed as part of the scope of the calling script and do not have a defined name. PHP includes a function to disable internal functions if the function is found to be dangerous; however, this directive is only effective against PHP versions prior to PHP 4.3 and cannot be circumvented by extension developers.
When a script uses a function, it is looked up in the PHP function table (function_table) to find its handler. Both internal and user-defined functions are stored in the function table, but only the handler for a specific function will be used when a script calls that function. This is why disabling a function with disable_functions does not stop attacks from exploiting it.