Detach quoted filename strings from pooled buffers

[Copilot]

Description

quoteString() and quoteRawString() were returning strings backed by pooled buffers. Under concurrent reuse, Attachment() / Download() could emit corrupted Content-Disposition filenames.

• Detachment at return

  • quoteString() now materializes the quoted result as a Go string before returning the buffer to bytebufferpool.
  • quoteRawString() now returns a copied string instead of a zero-copy alias into pooled storage.

• Regression coverage

  • Added focused tests proving an earlier quoted result is not mutated by a later quote call on the same app instance.
  • Existing attachment/download quoting behavior remains covered.

first := app.quoteString("a b")
second := app.quoteString("x y")

// first must remain stable even if the pool is reused
require.Equal(t, "a+b", first)
require.Equal(t, "x+y", second)
require.Equal(t, "a+b", first)

Changes introduced

• Core fix

  • Replace pooled-slice-backed string returns with detached string construction in both quoting helpers.

• Tests

  • Add targeted regression tests for pooled-buffer reuse across successive quote operations.

List the new features or adjustments introduced in this pull request. Provide details on benchmarks, documentation updates, changelog entries, and if applicable, the migration guide.

• Benchmarks: Describe any performance benchmarks and improvements related to the changes.
• Documentation Update: Detail the updates made to the documentation and links to the changed files.
• Changelog/What's New: Include a summary of the additions for the upcoming release notes.
• Migration Guide: If necessary, provide a guide or steps for users to migrate their existing code to accommodate these changes.
• API Alignment with Express: Explain how the changes align with the Express API.
• API Longevity: Keeps existing quoting behavior and API surface unchanged while removing unsafe pooled-buffer aliasing.
• Examples: Provide examples demonstrating the new features or changes in action.

Type of change

Please delete options that are not relevant.

• New feature (non-breaking change which adds functionality)
• Enhancement (improvement to existing features and functionality)
• Documentation update (changes to documentation)
• Performance improvement (non-breaking change which improves efficiency)
• Code consistency (non-breaking change which improves code reliability and robustness)

Checklist

Before you submit your pull request, please make sure you meet these requirements:

• Followed the inspiration of the Express.js framework for new functionalities, making them similar in usage.
• Conducted a self-review of the code and provided comments for complex or critical parts.
• Updated the documentation in the /docs/ directory for Fiber's documentation.
• Added or updated unit tests to validate the effectiveness of the changes or new features.
• Ensured that new and existing unit tests pass locally with the changes.
• Verified that any new dependencies are essential and have been agreed upon by the maintainers/community.
• Aimed for optimal performance with minimal allocations in the new code.
• Provided benchmarks for the new code to analyze and improve upon.

Commit formatting

Please use emojis in commit messages for an easy way to identify the purpose or intention of a commit. Check out the emoji cheatsheet here: CONTRIBUTING.md

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.39%. Comparing base (e5e93e6) to head (42fd907).
⚠️ Report is 33 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4374   +/-   ##
=======================================
  Coverage   91.39%   91.39%           
=======================================
  Files         132      132           
  Lines       13098    13098           
=======================================
  Hits        11971    11971           
  Misses        710      710           
  Partials      417      417           

Flag	Coverage Δ
unittests	91.39% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Fixes a correctness bug where App.quoteString() and App.quoteRawString() returned strings backed by pooled bytebufferpool buffers via app.toString (unsafe zero-copy). Once the buffer was returned to the pool and reused by a subsequent call, previously returned filenames could be mutated, leading to corrupted Content-Disposition headers in Attachment()/Download().

Changes:

• Replace app.toString(...) with string(...) in both quoting helpers so the returned string is detached from the pooled buffer before Put.
• Drop the now-unused receiver name on quoteRawString.
• Add regression tests asserting earlier results are stable across subsequent quote calls.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
helpers.go	Materialize quoted results into independent Go strings before returning the pooled buffer.
helpers_test.go	Add regression tests verifying detachment from the pooled buffer across successive calls.