fix: address Gemini review feedback

- Extract shared header-building logic into `build_headers()` private
  method, eliminating duplication between `build()` and
  `build_with_attachments()`.
- Add `escape_quoted_string()` helper to properly escape backslashes
  and double quotes in MIME filename parameters (RFC 2045/2822).

Author: pae23

src/helpers/gmail/mod.rs

@@ -364,9 +364,20 @@ pub(super) struct MessageBuilder<'a> {
     pub threading: Option<ThreadingHeaders<'a>>,
 }
 
+/// Escape a filename for use in a MIME quoted-string parameter.
+/// Backslashes and double quotes are escaped per RFC 2045/2822.
+fn escape_quoted_string(s: &str) -> String {
+    sanitize_header_value(s)
+        .replace('\\', "\\\\")
+        .replace('"', "\\\"")
+}
+
 impl MessageBuilder<'_> {
-    /// Build the complete RFC 2822 message (headers + blank line + body).
-    pub fn build(&self, body: &str) -> String {
+    /// Build the common RFC 2822 headers shared by both plain and multipart
+    /// messages. The `content_type_line` parameter supplies the Content-Type
+    /// header value (e.g. "text/plain; charset=utf-8" or
+    /// "multipart/mixed; boundary=\"...\"").
+    fn build_headers(&self, content_type_line: &str) -> String {
         debug_assert!(
             !self.to.is_empty(),
             "MessageBuilder: `to` must not be empty"
@@ -388,7 +399,7 @@ impl MessageBuilder<'_> {
             ));
         }
 
-        headers.push_str("\r\nMIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8");
+        headers.push_str(&format!("\r\nMIME-Version: 1.0\r\nContent-Type: {}", content_type_line));
 
         if let Some(from) = self.from {
             headers.push_str(&format!("\r\nFrom: {}", sanitize_header_value(from)));
@@ -404,6 +415,12 @@ impl MessageBuilder<'_> {
             headers.push_str(&format!("\r\nBcc: {}", sanitize_header_value(bcc)));
         }
 
+        headers
+    }
+
+    /// Build the complete RFC 2822 message (headers + blank line + body).
+    pub fn build(&self, body: &str) -> String {
+        let headers = self.build_headers("text/plain; charset=utf-8");
         format!("{}\r\n\r\n{}", headers, body)
     }
 
@@ -424,41 +441,7 @@ impl MessageBuilder<'_> {
         let mut rng = rand::thread_rng();
         let boundary = format!("{:016x}{:016x}", rng.gen::<u64>(), rng.gen::<u64>());
 
-        debug_assert!(
-            !self.to.is_empty(),
-            "MessageBuilder: `to` must not be empty"
-        );
-
-        let mut headers = format!(
-            "To: {}\r\nSubject: {}",
-            sanitize_header_value(self.to),
-            encode_header_value(&sanitize_header_value(self.subject)),
-        );
-
-        if let Some(ref threading) = self.threading {
-            headers.push_str(&format!(
-                "\r\nIn-Reply-To: {}\r\nReferences: {}",
-                sanitize_header_value(threading.in_reply_to),
-                sanitize_header_value(threading.references),
-            ));
-        }
-
-        headers.push_str(&format!(
-            "\r\nMIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary=\"{}\"",
-            boundary
-        ));
-
-        if let Some(from) = self.from {
-            headers.push_str(&format!("\r\nFrom: {}", sanitize_header_value(from)));
-        }
-
-        if let Some(cc) = self.cc {
-            headers.push_str(&format!("\r\nCc: {}", sanitize_header_value(cc)));
-        }
-
-        if let Some(bcc) = self.bcc {
-            headers.push_str(&format!("\r\nBcc: {}", sanitize_header_value(bcc)));
-        }
+        let headers = self.build_headers(&format!("multipart/mixed; boundary=\"{}\"", boundary));
 
         // Start the multipart body.
         let mut message = format!("{}\r\n\r\n", headers);
@@ -480,18 +463,15 @@ impl MessageBuilder<'_> {
                 .collect::<Vec<_>>()
                 .join("\r\n");
 
+            let safe_filename = escape_quoted_string(&att.filename);
             message.push_str(&format!(
                 "--{}\r\n\
                  Content-Type: {}; name=\"{}\"\r\n\
                  Content-Disposition: attachment; filename=\"{}\"\r\n\
                  Content-Transfer-Encoding: base64\r\n\
                  \r\n\
                  {}\r\n",
-                boundary,
-                att.content_type,
-                sanitize_header_value(&att.filename),
-                sanitize_header_value(&att.filename),
-                folded,
+                boundary, att.content_type, safe_filename, safe_filename, folded,
             ));
         }