badwords: use hostname, not host name

and username, filename - consistently. Fixed the patterns in
badwords.txt to catch these.

Closes #12888

.github/scripts/badwords.txt

@@ -23,14 +23,13 @@ isn't:is not
  a http: an http
  a ftp: an ftp
  url =URL
-internet\W=Internet
+internet\b=Internet
 isation:ization
 it's:it is
 there's:there is
 [^.]\. And: Rewrite it somehow?
 ^(And|So|But) = Rewrite it somehow?
 \. But: Rewrite it somehow?
-file name :filename
 \. So : Rewrite without "so" ?
  dir :directory
 you'd:you would
@@ -38,8 +37,12 @@ you'll:you will
 can't:cannot
 that's:that is
 web page:webpage
-host name\W:hostname
-file name\W:filename
+host name\b:hostname
+host names\b:hostnames
+file name\b:filename
+file names\b:filenames
+user name\b:username
+user names\b:usernames
 didn't:did not
 doesn't:does not
 won't:will not

docs/MANUAL.md

@@ -829,9 +829,9 @@ set in (only an asterisk, `*` matches all hosts)
 
     NO_PROXY
 
-If the hostname matches one of these strings, or the host is within the
-domain of one of these strings, transactions with that node will not be done
-over proxy. When a domain is used, it needs to start with a period. A user can
+If the hostname matches one of these strings, or the host is within the domain
+of one of these strings, transactions with that node will not be done over
+proxy. When a domain is used, it needs to start with a period. A user can
 specify that both www.example.com and foo.example.com should not use a proxy
 by setting `NO_PROXY` to `.example.com`. By including the full name you can
 exclude specific hostnames, so to make `www.example.com` not use a proxy but

docs/libcurl/curl_formadd.md

@@ -299,12 +299,12 @@ int main(void)
 
 # AVAILABILITY
 
-Deprecated in 7.56.0. Before this release, field names were allowed to
-contain zero-valued bytes. The pseudo-filename "-" to read stdin is
-discouraged although still supported, but data is not read before being
-actually sent: the effective data size can then not be automatically
-determined, resulting in a chunked encoding transfer. Backslashes and
-double quotes in field and file names are now escaped before transmission.
+Deprecated in 7.56.0. Before this release, field names were allowed to contain
+zero-valued bytes. The pseudo-filename "-" to read stdin is discouraged
+although still supported, but data is not read before being actually sent: the
+effective data size can then not be automatically determined, resulting in a
+chunked encoding transfer. Backslashes and double quotes in field and
+filenames are now escaped before transmission.
 
 # RETURN VALUE
 

docs/libcurl/curl_url_get.md

@@ -76,9 +76,9 @@ operation returns an error instead.
 
 ## CURLU_URLENCODE
 
-If set, curl_url_get(3) URL encodes the hostname part when a full URL
-is retrieved. If not set (default), libcurl returns the URL with the host name
-"raw" to support IDN names to appear as-is. IDN host names are typically using
+If set, curl_url_get(3) URL encodes the hostname part when a full URL is
+retrieved. If not set (default), libcurl returns the URL with the hostname raw
+to support IDN names to appear as-is. IDN hostnames are typically using
 non-ASCII bytes that otherwise gets percent-encoded.
 
 Note that even when not asking for URL encoding, the '%' (byte 37) is URL

docs/libcurl/libcurl-env.md

@@ -90,8 +90,8 @@ precautions so that they are not stolen or otherwise inadvertently revealed.
 
 ## USER
 
-User name to use when invoking the *ntlm-wb* tool, if *NTLMUSER* and
-*LOGNAME* were not set.
+Username to use when invoking the *ntlm-wb* tool, if *NTLMUSER* and *LOGNAME*
+were not set.
 
 # Debug Variables
 

docs/libcurl/libcurl-security.md

@@ -218,15 +218,15 @@ information to be sent to an unknown second server. Applications can mitigate
 against this by disabling CURLOPT_FOLLOWLOCATION(3) and handling
 redirects itself, sanitizing where necessary.
 
-Use of the CURLAUTH_ANY option to CURLOPT_HTTPAUTH(3) could result in
-user name and password being sent in clear text to an HTTP server. Instead,
-use CURLAUTH_ANYSAFE which ensures that the password is encrypted over the
+Use of the CURLAUTH_ANY option to CURLOPT_HTTPAUTH(3) could result in username
+and password being sent in clear text to an HTTP server. Instead, use
+CURLAUTH_ANYSAFE which ensures that the password is encrypted over the
 network, or else fail the request.
 
 Use of the CURLUSESSL_TRY option to CURLOPT_USE_SSL(3) could result in
-user name and password being sent in clear text to an FTP server. Instead,
-use CURLUSESSL_CONTROL to ensure that an encrypted connection is used or else
-fail the request.
+username and password being sent in clear text to an FTP server. Instead, use
+CURLUSESSL_CONTROL to ensure that an encrypted connection is used or else fail
+the request.
 
 # Cookies
 
@@ -419,9 +419,9 @@ plain HTTP connection.
 
 Relatedly, be aware that in situations when you have problems with libcurl and
 ask someone for help, everything you reveal in order to get best possible help
-might also impose certain security related risks. Host names, user names,
-paths, operating system specifics, etc. (not to mention passwords of course)
-may in fact be used by intruders to gain additional information of a potential
+might also impose certain security related risks. Hostnames, usernames, paths,
+operating system specifics, etc. (not to mention passwords of course) may in
+fact be used by intruders to gain additional information of a potential
 target.
 
 Be sure to limit access to application logs if they could hold private or

docs/libcurl/libcurl-tutorial.md

@@ -675,10 +675,10 @@ becomes:
  curl_mime_data_cb(part, (curl_off_t) -1, fread, fseek, NULL, stdin);
 ~~~
 
-curl_mime_name(3) always copies the field name. The special file name
-"-" is not supported by curl_mime_filename(3): to read an open file, use
-a callback source using fread(). The transfer is be chunk-encoded since the
-data size is unknown.
+curl_mime_name(3) always copies the field name. The special filename "-" is
+not supported by curl_mime_filename(3): to read an open file, use a callback
+source using fread(). The transfer is be chunk-encoded since the data size is
+unknown.
 
 ~~~c
  curl_formadd(&post, &last,

docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.md

@@ -33,8 +33,7 @@ default, libcurl caches this info for 60 seconds.
 
 We recommend users not to tamper with this option unless strictly necessary.
 If you do, be careful of using large values that can make the cache size grow
-significantly if many different host names are used within that timeout
-period.
+significantly if many different hostnames are used within that timeout period.
 
 The name resolve functions of various libc implementations do not re-read name
 server information unless explicitly told so (for example, by calling

docs/libcurl/opts/CURLOPT_MAIL_RCPT.md

@@ -35,7 +35,7 @@ as the first character libcurl assumes you provided a single email address and
 encloses that address within brackets for you.
 
 When performing an address verification (**VRFY** command), each recipient
-should be specified as the user name or user name and domain (as per Section
+should be specified as the username or username plus domain (as per Section
 3.5 of RFC 5321).
 
 When performing a mailing list expand (**EXPN** command), each recipient

docs/libcurl/opts/CURLOPT_NETRC.md

@@ -25,8 +25,8 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NETRC, long level);
 # DESCRIPTION
 
 This parameter controls the preference *level* of libcurl between using
-user names and passwords from your *~/.netrc* file, relative to user names
-and passwords in the URL supplied with CURLOPT_URL(3).
+usernames and passwords from your *~/.netrc* file, relative to usernames and
+passwords in the URL supplied with CURLOPT_URL(3).
 
 On Windows, libcurl uses the file as *%HOME%/_netrc*. If *%HOME%* is
 not set on Windows, libcurl falls back to *%USERPROFILE%*.

docs/libcurl/opts/CURLOPT_NOPROXY.md

@@ -32,9 +32,8 @@ list is matched as either a domain which contains the hostname, or the
 hostname itself. For example, "ample.com" would match ample.com, ample.com:80,
 and www.ample.com, but not www.example.com or ample.com.org.
 
-Setting the *noproxy* string to "" (an empty string) explicitly enables
-the proxy for all host names, even if there is an environment variable set for
-it.
+Setting the *noproxy* string to "" (an empty string) explicitly enables the
+proxy for all hostnames, even if there is an environment variable set for it.
 
 Enter IPv6 numerical addresses in the list of hostnames without enclosing
 brackets:

docs/libcurl/opts/CURLOPT_PROXYUSERPWD.md

@@ -25,10 +25,10 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYUSERPWD, char *userpwd);
 
 # DESCRIPTION
 
-Pass a char pointer as parameter, which should be [user name]:[password] to
-use for the connection to the HTTP proxy. Both the name and the password are
-URL decoded before used, so to include for example a colon in the user name
-you should encode it as %3A. (This is different to how CURLOPT_USERPWD(3) is
+Pass a char pointer as parameter, which should be [username]:[password] to use
+for the connection to the HTTP proxy. Both the name and the password are URL
+decoded before used, so to include for example a colon in the username you
+should encode it as %3A. (This is different to how CURLOPT_USERPWD(3) is
 used - beware.)
 
 Use CURLOPT_PROXYAUTH(3) to specify the authentication method.

docs/libcurl/opts/CURLOPT_USERNAME.md

@@ -38,9 +38,8 @@ include the domain name in order for the server to successfully obtain a
 Kerberos Ticket. If you do not then the initial part of the authentication
 handshake may fail.
 
-When using NTLM, the user name can be specified simply as the user name
-without the domain name should the server be part of a single domain and
-forest.
+When using NTLM, the username can be specified simply as the username without
+the domain name should the server be part of a single domain and forest.
 
 To include the domain name use either Down-Level Logon Name or UPN (User
 Principal Name) formats. For example, **EXAMPLE\user** and

docs/libcurl/opts/CURLOPT_USERPWD.md

@@ -32,9 +32,8 @@ specify the user name part with the domain name in order for the server to
 successfully obtain a Kerberos Ticket. If you do not then the initial part of
 the authentication handshake may fail.
 
-When using NTLM, the user name can be specified simply as the user name
-without the domain name should the server be part of a single domain and
-forest.
+When using NTLM, the username can be specified simply as the username without
+the domain name should the server be part of a single domain and forest.
 
 To specify the domain name use either Down-Level Logon Name or UPN (User
 Principal Name) formats. For example **EXAMPLE\user** and **user@example.com**
@@ -55,8 +54,8 @@ based connections or CURLOPT_LOGIN_OPTIONS(3) to control IMAP, POP3 and
 SMTP options.
 
 The user and password strings are not URL decoded, so there is no way to send
-in a user name containing a colon using this option. Use
-CURLOPT_USERNAME(3) for that, or include it in the URL.
+in a username containing a colon using this option. Use CURLOPT_USERNAME(3)
+for that, or include it in the URL.
 
 The application does not have to keep the string around after setting this
 option.

docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.md

@@ -27,8 +27,8 @@ Pass a char pointer as parameter, which should point to the null-terminated
 OAuth 2.0 Bearer Access Token for use with HTTP, IMAP, LDAP, POP3 and SMTP
 servers that support the OAuth 2.0 Authorization Framework.
 
-Note: For IMAP, LDAP, POP3 and SMTP, the user name used to generate the
-Bearer Token should be supplied via the CURLOPT_USERNAME(3) option.
+Note: For IMAP, LDAP, POP3 and SMTP, the username used to generate the Bearer
+Token should be supplied via the CURLOPT_USERNAME(3) option.
 
 The application does not have to keep the string around after setting this
 option.