Merge commit from fork

* Fix backtracking protection

* Add test

index.js

@@ -72,20 +72,26 @@ function pathToRegexp(path, keys, options) {
   path = path.replace(
     /\\.|(\/)?(\.)?:(\w+)(\(.*?\))?(\*)?(\?)?|[.*]|\/\(/g,
     function (match, slash, format, key, capture, star, optional, offset) {
-      pos = offset + match.length;
-
       if (match[0] === '\\') {
         backtrack += match;
+        pos += 2;
         return match;
       }
 
       if (match === '.') {
         backtrack += '\\.';
         extraOffset += 1;
+        pos += 1;
         return '\\.';
       }
 
-      backtrack = slash || format ? '' : path.slice(pos, offset);
+      if (slash || format) {
+        backtrack = '';
+      } else {
+        backtrack += path.slice(pos, offset);
+      }
+
+      pos = offset + match.length;
 
       if (match === '*') {
         extraOffset += 3;

test.js

@@ -8,6 +8,10 @@ describe('path-to-regexp', function () {
     }, /path must be a string, array of strings, or regular expression/);
   });
 
+  it('should generate a regex without backtracking', function () {
+    assert.deepEqual(pathToRegExp('/:a-:b'), /^(?:\/([^/]+?))-(?:((?:(?!\/|-).)+?))\/?$/i);
+  });
+
   describe('strings', function () {
     it('should match simple paths', function () {
       var params = [];