Merge branch 'main' into patch-1

Makefile

@@ -297,7 +297,7 @@ misspell-check:
 		GO111MODULE=off $(GO) get -u github.com/client9/misspell/cmd/misspell; \
 	fi
 	@echo "Running misspell-check..."
-	@misspell -error -i unknwon,destory $(GO_SOURCES_OWN)
+	@misspell -error -i unknwon $(GO_SOURCES_OWN)
 
 .PHONY: misspell
 misspell:

cmd/dump.go

@@ -280,7 +280,7 @@ func runDump(ctx *cli.Context) error {
 	}
 
 	if ctx.IsSet("skip-custom-dir") && ctx.Bool("skip-custom-dir") {
-		log.Info("Skiping custom directory")
+		log.Info("Skipping custom directory")
 	} else {
 		customDir, err := os.Stat(setting.CustomPath)
 		if err == nil && customDir.IsDir() {

cmd/hook.go

@@ -165,7 +165,7 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}
 
-	// the environment setted on serv command
+	// the environment is set by serv command
 	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
 	username := os.Getenv(models.EnvRepoUsername)
 	reponame := os.Getenv(models.EnvRepoName)
@@ -320,7 +320,7 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}
 
-	// the environment setted on serv command
+	// the environment is set by serv command
 	repoUser := os.Getenv(models.EnvRepoUsername)
 	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
 	repoName := os.Getenv(models.EnvRepoName)

cmd/migrate_storage.go

@@ -184,7 +184,7 @@ func runMigrateStorage(ctx *cli.Context) error {
 		return fmt.Errorf("Unsupported storage: %s", ctx.String("type"))
 	}
 
-	log.Warn("All files have been copied to the new placement but old files are still on the orignial placement.")
+	log.Warn("All files have been copied to the new placement but old files are still on the original placement.")
 
 	return nil
 }

cmd/web_letsencrypt.go

@@ -19,7 +19,7 @@ import (
 func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
 
 	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
-	// Due to docker port mapping this can't be checked programatically
+	// Due to docker port mapping this can't be checked programmatically
 	// TODO: these are placeholders until we add options for each in settings with appropriate warning
 	enableHTTPChallenge := true
 	enableTLSALPNChallenge := true

custom/conf/app.example.ini

@@ -659,7 +659,7 @@ PATH =
 ;; Public is for users visible for everyone
 ;DEFAULT_USER_VISIBILITY = public
 ;;
-;; Set whitch visibibilty modes a user can have
+;; Set which visibility modes a user can have
 ;ALLOWED_USER_VISIBILITY_MODES = public,limited,private
 ;;
 ;; Either "public", "limited" or "private", default is "public"

docker/root/etc/s6/gitea/setup

@@ -23,7 +23,7 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
         INSTALL_LOCK=true
     fi
 
-    # Substitude the environment variables in the template
+    # Substitute the environment variables in the template
     APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
     RUN_MODE=${RUN_MODE:-"prod"} \
     DOMAIN=${DOMAIN:-"localhost"} \

docker/rootless/usr/local/bin/docker-setup.sh

@@ -25,7 +25,7 @@ if [ ! -f ${GITEA_APP_INI} ]; then
         INSTALL_LOCK=true
     fi
 
-    # Substitude the environment variables in the template
+    # Substitute the environment variables in the template
     APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
     RUN_MODE=${RUN_MODE:-"prod"} \
     RUN_USER=${USER:-"git"} \

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -128,8 +128,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
   - Options other than `never` and `always` can be combined as a comma separated list.
 - `DEFAULT_TRUST_MODEL`: **collaborator**: \[collaborator, committer, collaboratorcommitter\]: The default trust model used for verifying commits.
    - `collaborator`: Trust signatures signed by keys of collaborators.
-   - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the commmitter).
-   - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the commiter.
+   - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer).
+   - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the committer.
 - `WIKI`: **never**: \[never, pubkey, twofa, always, parentsigned\]: Sign commits to wiki.
 - `CRUD_ACTIONS`: **pubkey, twofa, parentsigned**: \[never, pubkey, twofa, parentsigned, always\]: Sign CRUD actions.
   - Options as above, with the addition of:
@@ -345,9 +345,9 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
 - `LOG_SQL`: **true**: Log the executed SQL.
 - `DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed.
-- `DB_RETRY_BACKOFF`: **3s**: time.Duration to wait before trying another ORM init / DB connect attempt, if failure occured.
+- `DB_RETRY_BACKOFF`: **3s**: time.Duration to wait before trying another ORM init / DB connect attempt, if failure occurred.
 - `MAX_OPEN_CONNS` **0**: Database maximum open connections - default is 0, meaning there is no limit.
-- `MAX_IDLE_CONNS` **2**: Max idle database connections on connnection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
+- `MAX_IDLE_CONNS` **2**: Max idle database connections on connection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
 - `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
 
 Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their
@@ -385,7 +385,7 @@ relation to port exhaustion.
 - `LENGTH`: **20**: Maximal queue size before channel queues block
 - `BATCH_LENGTH`: **20**: Batch data before passing to the handler
 - `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the redis queue type. Options can be set using query params. Similarly LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR`
-- `QUEUE_NAME`: **_queue**: The suffix for default redis and disk queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overriden in the specific `queue.name` section.
+- `QUEUE_NAME`: **_queue**: The suffix for default redis and disk queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overridden in the specific `queue.name` section.
 - `SET_NAME`: **_unique**: The suffix that will be added to the default redis and disk queue `set` name for unique queues. Individual queues will default to
  **`name`**`QUEUE_NAME`_`SET_NAME`_ but can be overridden in the specific `queue.name` section.
 - `WRAP_IF_NECESSARY`: **true**: Will wrap queues with a timeoutable queue if the selected queue is not ready to be created - (Only relevant for the level queue.)
@@ -516,7 +516,7 @@ relation to port exhaustion.
 - `AUTO_WATCH_NEW_REPOS`: **true**: Enable this to let all organisation users watch new repos when they are created
 - `AUTO_WATCH_ON_CHANGES`: **false**: Enable this to make users watch a repository after their first commit to it
 - `DEFAULT_USER_VISIBILITY`: **public**: Set default visibility mode for users, either "public", "limited" or "private".
-- `ALLOWED_USER_VISIBILITY_MODES`: **public,limited,private**: Set whitch visibibilty modes a user can have
+- `ALLOWED_USER_VISIBILITY_MODES`: **public,limited,private**: Set which visibility modes a user can have
 - `DEFAULT_ORG_VISIBILITY`: **public**: Set default visibility mode for organisations, either "public", "limited" or "private".
 - `DEFAULT_ORG_MEMBER_VISIBLE`: **false** True will make the membership of the users visible when added to the organisation.
 - `ALLOW_ONLY_INTERNAL_REGISTRATION`: **false** Set to true to force registration only via gitea.
@@ -895,7 +895,7 @@ IS_INPUT_FILE = false
 - ENABLED: **false** Enable markup support; set to **true** to enable this renderer.
 - NEED\_POSTPROCESS: **true** set to **true** to replace links / sha1 and etc.
 - FILE\_EXTENSIONS: **\<empty\>** List of file extensions that should be rendered by an external
-   command. Multiple extentions needs a comma as splitter.
+   command. Multiple extensions needs a comma as splitter.
 - RENDER\_COMMAND: External command to render all matching extensions.
 - IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND`.
 
@@ -927,7 +927,7 @@ If the rule is defined above the renderer ini section or the name does not match
 
 ## Time (`time`)
 
-- `FORMAT`: Time format to diplay on UI. i.e. RFC1123 or 2006-01-02 15:04:05
+- `FORMAT`: Time format to display on UI. i.e. RFC1123 or 2006-01-02 15:04:05
 - `DEFAULT_UI_LOCATION`: Default location of time on the UI, so that we can display correct user's time on UI. i.e. Shanghai/Asia
 
 ## Task (`task`)

docs/content/doc/advanced/logging-documentation.en-us.md

@@ -282,7 +282,7 @@ ROUTER = console
 COLORIZE = false ; this can be true if you can strip out the ansi coloring
 ```
 
-Sometimes it will be helpful get some specific `TRACE` level logging retricted
+Sometimes it will be helpful get some specific `TRACE` level logging restricted
 to messages that match a specific `EXPRESSION`. Adjusting the `MODE` in the
 `[log]` section to `MODE = console,traceconsole` to add a new logger output
 `traceconsole` and then adding its corresponding section would be helpful:

docs/content/doc/advanced/protected-tags.en-us.md

@@ -27,7 +27,7 @@ To protect a tag, you need to follow these steps:
 
 1. Go to the repository’s **Settings** > **Tags** page.
 1. Type a pattern to match a name. You can use a single name, a [glob pattern](https://pkg.go.dev/github.com/gobwas/glob#Compile) or a regular expression.
-1. Choose the allowed users and/or teams. If you leave these fields empty noone is allowed to create or modify this tag.
+1. Choose the allowed users and/or teams. If you leave these fields empty no one is allowed to create or modify this tag.
 1. Select **Save** to save the configuration.
 
 ## Pattern protected tags

docs/content/doc/features/authentication.en-us.md

@@ -259,7 +259,7 @@ Before activating SSPI single sign-on authentication (SSO) you have to prepare y
 
 - Create a service principal name for the host where `gitea.exe` is running with class `HTTP`:
 
-  - Start `Command Prompt` or `PowerShell` as a priviledged domain user (eg. Domain Administrator)
+  - Start `Command Prompt` or `PowerShell` as a privileged domain user (eg. Domain Administrator)
   - Run the command below, replacing `host.domain.local` with the fully qualified domain name (FQDN) of the server where the web application will be running, and `domain\user` with the name of the account created in the previous step:
 
   ```sh
@@ -283,7 +283,7 @@ Before activating SSPI single sign-on authentication (SSO) you have to prepare y
 - Click the `Sign In` button on the dashboard and choose SSPI to be automatically logged in with the same user that is currently logged on to the computer
 
 - If it does not work, make sure that:
-  - You are not running the web browser on the same server where gitea is running. You should be running the web browser on a domain joined computer (client) that is different from the server. If both the client and server are runnning on the same computer NTLM will be prefered over Kerberos.
+  - You are not running the web browser on the same server where gitea is running. You should be running the web browser on a domain joined computer (client) that is different from the server. If both the client and server are running on the same computer NTLM will be preferred over Kerberos.
   - There is only one `HTTP/...` SPN for the host
   - The SPN contains only the hostname, without the port
   - You have added the URL of the web app to the `Local intranet zone`

docs/content/doc/help/faq.en-us.md

@@ -142,7 +142,7 @@ The current way to achieve this is to create/modify a user with a max repo creat
 
 Restricted users are limited to a subset of the content based on their organization/team memberships and collaborations, ignoring the public flag on organizations/repos etc.\_\_
 
-Example use case: A company runs a Gitea instance that requires login. Most repos are public (accessible/browseable by all co-workers).
+Example use case: A company runs a Gitea instance that requires login. Most repos are public (accessible/browsable by all co-workers).
 
 At some point, a customer or third party needs access to a specific repo and only that repo. Making such a customer account restricted and granting any needed access using team membership(s) and/or collaboration(s) is a simple way to achieve that without the need to make everything private.
 

docs/content/page/index.en-us.md

@@ -117,7 +117,7 @@ Windows, on architectures like amd64, i386, ARM, PowerPC, and others.
         - Configuration viewer
             - Everything in config file
         - System notices
-            - When somthing unexpected happens
+            - When something unexpected happens
         - Monitoring
             - Current processes
             - Cron jobs
@@ -155,7 +155,7 @@ Windows, on architectures like amd64, i386, ARM, PowerPC, and others.
             - Libravatar
             - Custom
         - Password
-        - Mutiple email addresses
+        - Multiple email addresses
         - SSH Keys
         - Connected applications
         - Two factor authentication

integrations/README.md

@@ -28,7 +28,7 @@ make test-sqlite
 Setup a mysql database inside docker
 ```
 docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" -p 3306:3306 --rm --name mysql mysql:latest #(just ctrl-c to stop db and clean the container)
-docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" --rm --name elasticsearch elasticsearch:7.6.0 #(in a secound terminal, just ctrl-c to stop db and clean the container)
+docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" --rm --name elasticsearch elasticsearch:7.6.0 #(in a second terminal, just ctrl-c to stop db and clean the container)
 ```
 Start tests based on the database container
 ```

integrations/api_repo_lfs_test.go

@@ -135,7 +135,7 @@ func TestAPILFSBatch(t *testing.T) {
 		assert.Equal(t, "Oid or size are invalid", br.Objects[1].Error.Message)
 	})
 
-	t.Run("PointerSizeMissmatch", func(t *testing.T) {
+	t.Run("PointerSizeMismatch", func(t *testing.T) {
 		defer PrintCurrentTest(t)()
 
 		req := newRequest(t, &lfs.BatchRequest{
@@ -376,15 +376,15 @@ func TestAPILFSUpload(t *testing.T) {
 		session.MakeRequest(t, req, http.StatusOK)
 	})
 
-	t.Run("HashMissmatch", func(t *testing.T) {
+	t.Run("HashMismatch", func(t *testing.T) {
 		defer PrintCurrentTest(t)()
 
 		req := newRequest(t, lfs.Pointer{Oid: "2581dd7bbc1fe44726de4b7dd806a087a978b9c5aec0a60481259e34be09b06a", Size: 1}, "a")
 
 		session.MakeRequest(t, req, http.StatusUnprocessableEntity)
 	})
 
-	t.Run("SizeMissmatch", func(t *testing.T) {
+	t.Run("SizeMismatch", func(t *testing.T) {
 		defer PrintCurrentTest(t)()
 
 		req := newRequest(t, lfs.Pointer{Oid: "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb", Size: 2}, "a")

integrations/release_test.go

@@ -116,7 +116,7 @@ func TestCreateReleasePaging(t *testing.T) {
 	setting.API.DefaultPagingNum = 10
 
 	session := loginUser(t, "user2")
-	// Create enaugh releases to have paging
+	// Create enough releases to have paging
 	for i := 0; i < 12; i++ {
 		version := fmt.Sprintf("v0.0.%d", i)
 		createNewRelease(t, session, "/user2/repo1", version, version, false, false)

integrations/repo_branch_test.go

@@ -11,6 +11,7 @@ import (
 	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/test"
 
 	"github.com/stretchr/testify/assert"
@@ -134,5 +135,13 @@ func TestCreateBranchInvalidCSRF(t *testing.T) {
 		"_csrf":           "fake_csrf",
 		"new_branch_name": "test",
 	})
-	session.MakeRequest(t, req, http.StatusBadRequest)
+	resp := session.MakeRequest(t, req, http.StatusFound)
+	loc := resp.Header().Get("Location")
+	assert.Equal(t, setting.AppSubURL+"/", loc)
+	resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	assert.Equal(t,
+		"Bad Request: Invalid CSRF token",
+		strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()),
+	)
 }

models/branches.go

@@ -219,7 +219,7 @@ func (protectBranch *ProtectedBranch) GetProtectedFilePatterns() []glob.Glob {
 		expr = strings.TrimSpace(expr)
 		if expr != "" {
 			if g, err := glob.Compile(expr, '.', '/'); err != nil {
-				log.Info("Invalid glob expresion '%s' (skipped): %v", expr, err)
+				log.Info("Invalid glob expression '%s' (skipped): %v", expr, err)
 			} else {
 				extarr = append(extarr, g)
 			}

models/context.go

@@ -42,7 +42,7 @@ func WithContext(f func(ctx DBContext) error) error {
 	return f(DBContext{x})
 }
 
-// WithTx represents executing database operations on a trasaction
+// WithTx represents executing database operations on a transaction
 func WithTx(f func(ctx DBContext) error) error {
 	sess := x.NewSession()
 	if err := sess.Begin(); err != nil {

models/error.go

@@ -1114,7 +1114,7 @@ func IsErrUserDoesNotHaveAccessToRepo(err error) bool {
 }
 
 func (err ErrUserDoesNotHaveAccessToRepo) Error() string {
-	return fmt.Sprintf("user doesn't have acces to repo [user_id: %d, repo_name: %s]", err.UserID, err.RepoName)
+	return fmt.Sprintf("user doesn't have access to repo [user_id: %d, repo_name: %s]", err.UserID, err.RepoName)
 }
 
 // ErrWontSign explains the first reason why a commit would not be signed
@@ -1289,7 +1289,7 @@ func IsErrSHAOrCommitIDNotProvided(err error) bool {
 }
 
 func (err ErrSHAOrCommitIDNotProvided) Error() string {
-	return "a SHA or commmit ID must be proved when updating a file"
+	return "a SHA or commit ID must be proved when updating a file"
 }
 
 //  __      __      ___.   .__                   __

models/gpg_key.go

@@ -622,7 +622,7 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
 		var err error
 		// Find Committer account
 		committer, err = GetUserByEmail(c.Committer.Email) // This finds the user by primary email or activated email so commit will not be valid if email is not
-		if err != nil {                                    // Skipping not user for commiter
+		if err != nil {                                    // Skipping not user for committer
 			committer = &User{
 				Name:  c.Committer.Name,
 				Email: c.Committer.Email,
@@ -698,7 +698,7 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
 		}
 
 		for _, k := range keys {
-			// Pre-check (& optimization) that emails attached to key can be attached to the commiter email and can validate
+			// Pre-check (& optimization) that emails attached to key can be attached to the committer email and can validate
 			canValidate := false
 			email := ""
 			for _, e := range k.Emails {

models/issue_comment.go

@@ -184,7 +184,7 @@ type Comment struct {
 	RefRepoID    int64                 `xorm:"index"` // Repo where the referencing
 	RefIssueID   int64                 `xorm:"index"`
 	RefCommentID int64                 `xorm:"index"`    // 0 if origin is Issue title or content (or PR's)
-	RefAction    references.XRefAction `xorm:"SMALLINT"` // What hapens if RefIssueID resolves
+	RefAction    references.XRefAction `xorm:"SMALLINT"` // What happens if RefIssueID resolves
 	RefIsPull    bool
 
 	RefRepo    *Repository `xorm:"-"`
@@ -1228,7 +1228,7 @@ func UpdateCommentsMigrationsByType(tp structs.GitServiceType, originalAuthorID
 	return err
 }
 
-// CreatePushPullComment create push code to pull base commend
+// CreatePushPullComment create push code to pull base comment
 func CreatePushPullComment(pusher *User, pr *PullRequest, oldCommitID, newCommitID string) (comment *Comment, err error) {
 	if pr.HasMerged || oldCommitID == "" || newCommitID == "" {
 		return nil, nil
@@ -1262,7 +1262,7 @@ func CreatePushPullComment(pusher *User, pr *PullRequest, oldCommitID, newCommit
 	return
 }
 
-// getCommitsFromRepo get commit IDs from repo in betwern oldCommitID and newCommitID
+// getCommitsFromRepo get commit IDs from repo in between oldCommitID and newCommitID
 // isForcePush will be true if oldCommit isn't on the branch
 // Commit on baseBranch will skip
 func getCommitIDsFromRepo(repo *Repository, oldCommitID, newCommitID, baseBranch string) (commitIDs []string, isForcePush bool, err error) {