Summary of Changes
Hello @YueerMoe, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request aims to fix the "the system cannot find the path" error that Windows users encounter when updating the application. By adjusting how paths are quoted in the generated update batch script, it ensures
Code Review
This PR aims to fix path escaping issues in the Windows update script by changing cmd.exe path references from " to "". However, the proposed fix using ""{temp_dir}"" introduces a command injection vulnerability when paths contain & and breaks support for spaces; a safer quoting method is recommended. The PR also includes unit tests, which is a good practice, but there appears to be a typo in a new test case that might cause it to fail. Additionally, please ensure exe_name and other path components are validated to prevent path traversal and further command injection risks in other parts of the batch script construction.
src-tauri/src/services/update.rs
Outdated
| echo 清理临时文件... | ||
| start "" /min cmd /c "timeout /t 3 /nobreak >nul & if exist \"{temp_dir}\" rd /s /q \"{temp_dir}\"" | ||
| start "" /min cmd /c "timeout /t 3 /nobreak >nul & if exist ""{temp_dir}"" rd /s /q ""{temp_dir}""" |
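Review bot: neither quoting on these two lines is safe, and the fix should include validating `temp_dir` before it is interpolated. `\"` on the removed line is not an escape in cmd.exe (the backslash is literal), and `""{temp_dir}""` on the added line leaves the path outside any quote pair once the child `cmd /c` has stripped the outer quotes, so a `&` or a space in the path changes the command. Even with a single `"` on each side of the path, the batch interpreter that runs this `start` line toggles its own quote state at every `"`, which puts the path characters between `if exist "` and `" rd /s /q "` outside the outer quotes; a `&` there splits the `start` line before the child `cmd` ever runs. Rejecting `"`, control characters and cmd metacharacters such as `&` in `temp_dir` (and the other path components the summary mentions) closes both cases.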
The use of double-double quotes ""{temp_dir}"" inside a cmd /c command string is vulnerable to command injection and will fail for paths containing spaces. In cmd.exe, "" is interpreted as two separate double quotes (an empty quoted string), which leaves the subsequent path unquoted. If the path contains an ampersand (&), it will be treated as a command separator, allowing for arbitrary command execution. For example, if temp_dir is C:\Users\A&B\Temp, the command will attempt to execute B\Temp. Additionally, this syntax causes a syntax error when the path contains spaces (e.g., C:\Program Files). The correct way to quote a path for cmd /c in a batch file is to use single double quotes "{temp_dir}", ensuring no backslashes are used for escaping as they are treated literally by cmd.exe.
| start "" /min cmd /c "timeout /t 3 /nobreak >nul & if exist ""{temp_dir}"" rd /s /q ""{temp_dir}""" | |
| start "" /min cmd /c "timeout /t 3 /nobreak >nul & if exist "{temp_dir}" rd /s /q "{temp_dir}"" |
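The quoting behaviour described in the comment above, as an added Rust example that is not part of the PR or the project: it builds the cleanup line in both forms, models the batch interpreter's `"`-toggling and the child `cmd /c` outer-quote stripping as two separate layers, and validates the path before formatting. `validate_batch_path`, `cleanup_line`, `cleanup_line_unchecked`, `cleanup_line_double_double`, `batch_commands` and `cmd_c_view` are assumed names, and rejecting cmd metacharacters is a conservative choice of this example, not something the project does. It goes one step beyond the comment by also showing that a `&` in the path breaks the single-quoted form at the outer batch layer, which is why the validation exists.

```rust
// Added example, not code from the PR or the project. Models the two layers of
// cmd.exe quote handling discussed in the review so the effect of
// `""{temp_dir}""` versus `"{temp_dir}"` can be checked in a unit test.
// All function and type names here are hypothetical.

#[derive(Debug, PartialEq)]
pub enum PathError {
    Empty,
    /// `"` is not valid in a Windows path and would break any quoting scheme.
    Quote,
    /// CR/LF would end the batch line early; other control chars are never valid.
    Control,
    /// cmd.exe metacharacters are unsafe even when the inner string is quoted
    /// correctly, because the batch line itself is parsed first (see below).
    Meta(char),
}

/// Conservative validation before a path is interpolated into a batch script
/// (an assumption of this example, not the project's policy).
pub fn validate_batch_path(path: &str) -> Result<&str, PathError> {
    if path.is_empty() {
        return Err(PathError::Empty);
    }
    if path.contains('"') {
        return Err(PathError::Quote);
    }
    if path.chars().any(char::is_control) {
        return Err(PathError::Control);
    }
    if let Some(c) = path.chars().find(|c| "&|<>^()".contains(*c)) {
        return Err(PathError::Meta(c));
    }
    Ok(path)
}

/// Cleanup line in the form the review suggests: one `"` on each side of the path.
/// No validation, so the tests can show what happens with a hostile path.
pub fn cleanup_line_unchecked(temp_dir: &str) -> String {
    format!(
        "start \"\" /min cmd /c \"timeout /t 3 /nobreak >nul & if exist \"{temp_dir}\" rd /s /q \"{temp_dir}\"\""
    )
}

/// Validated builder: the only one a caller should use.
pub fn cleanup_line(temp_dir: &str) -> Result<String, PathError> {
    validate_batch_path(temp_dir).map(cleanup_line_unchecked)
}

/// The `""{temp_dir}""` form introduced by the PR, kept to show how it misparses.
pub fn cleanup_line_double_double(temp_dir: &str) -> String {
    format!(
        "start \"\" /min cmd /c \"timeout /t 3 /nobreak >nul & if exist \"\"{temp_dir}\"\" rd /s /q \"\"{temp_dir}\"\"\""
    )
}

/// Layer 1: split a line the way the batch interpreter does. Each `"` toggles
/// the quote flag, and `&` separates commands only while the flag is off.
pub fn batch_commands(line: &str) -> Vec<String> {
    let mut parts = Vec::new();
    let mut cur = String::new();
    let mut quoted = false;
    for c in line.chars() {
        match c {
            '"' => {
                quoted = !quoted;
                cur.push(c);
            }
            '&' if !quoted => {
                parts.push(cur.trim().to_string());
                cur.clear();
            }
            _ => cur.push(c),
        }
    }
    parts.push(cur.trim().to_string());
    parts
}

/// Layer 2: the string the child `cmd /c "<...>"` actually executes. With more
/// than two `"` characters present, cmd strips only the first and the last one
/// and leaves everything between them untouched.
pub fn cmd_c_view(line: &str) -> Option<String> {
    let idx = line.find("cmd /c ")?;
    let rest = &line[idx + "cmd /c ".len()..];
    let first = rest.find('"')?;
    let last = rest.rfind('"')?;
    if first == last {
        return None;
    }
    Some(format!("{}{}{}", &rest[..first], &rest[first + 1..last], &rest[last + 1..]))
}

fn main() {
    for path in ["C:\\Program Files\\app-update", "C:\\Users\\A&B\\Temp"] {
        println!("path {path:?}: {:?}", cleanup_line(path));
        let inner = cmd_c_view(&cleanup_line_double_double(path)).unwrap();
        println!("  `\"\"` form, inner cmd sees {} command(s)", batch_commands(&inner).len());
    }
}
```

`batch_commands` only tracks `"` and `&`, which is enough to show the two failure modes; it is not a full cmd.exe parser. The test below checks that the single-quoted form keeps a path with spaces intact at both layers, that the `""` form hands the inner `cmd` an unquoted path which a `&` then splits, and that a `&` in the path splits even the single-quoted form at the batch layer, so only the validated builder should be used.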
src-tauri/src/services/update.rs
Outdated
| assert!(content.contains( | ||
| r#"if exist ""C:\Temp\endfield-cat-update"" rd /s /q ""C:\Temp\endfield-cat-update""""# | ||
| )); |
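Review bot: this assertion pins the `""C:\Temp..."" ` quoting that the first comment on this PR asks to change, so if `build_updater_batch` moves to a single `"` on each side of the path, the expected string here needs the same change or the test fails for the wrong reason. On the quote count itself, the `r#"..."#` literal terminates at the first `"#`, so its content ends in exactly three `"` characters, which matches the `""{temp_dir}"""` ending of the generated line on the diff above.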
The assertion string here appears to be incorrect and may cause the test to fail.
In the batch command generated by the build_updater_batch function, the part that cleans up the temporary directory will, after formatting, be ... if exist ""C:\Temp..."" rd /s /q ""C:\Temp...""", with three double quotes after the path argument.
However, the current test assertion content.contains(...) checks for a string that ends in four double quotes, which does not match the actual generated content.
To correctly represent a string containing three double quotes in the test, consider using a raw string literal of the form r##"..."##.
| assert!(content.contains( | |
| r#"if exist ""C:\Temp\endfield-cat-update"" rd /s /q ""C:\Temp\endfield-cat-update""""# | |
| )); | |
| assert!(content.contains( | |
| r##"if exist ""C:\Temp\endfield-cat-update"" rd /s /q ""C:\Temp\endfield-cat-update"""#"## | |
| )); |
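Review bot: the suggested `r##"..."##` literal on the `+` line keeps a literal `#` before its closing `"##`, so the expected string becomes `...rd /s /q ""C:\Temp\endfield-cat-update"""#`, which the generated batch line never contains, and the test would fail after applying it. The original `r#"..."#` literal on the `-` line already ends at the first `"#` and therefore matches on exactly three `"` characters; keep that delimiter. If the quoting in `build_updater_batch` is changed as the first comment suggests, update the expected string to the single-`"` form at the same time.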
Merge the cmd quote-escaping fix for the update script from dev into preview.
Note: this fix previously landed directly on preview (since reverted); it is now being redone following the dev -> preview -> master process.