Escape user-provided text passed to regex

Rather than using the user/document-provided values directly, we instead
escape them to use them verbatim.

This fixes issue #568.

Author: pitkley

src/documents/models.py

@@ -138,11 +138,15 @@ def _split_match(self):
             ==>
           ["some", "random", "words", "with+quotes", "and", "spaces"]
         """
+        # We are escaping the match provided, although we unescape spaces again
+        # to not break the existing splitting logic.
+        match = re.escape(self.match).replace("\\ ", " ")
+
         findterms = re.compile(r'"([^"]+)"|(\S+)').findall
         normspace = re.compile(r"\s+").sub
         return [
             normspace(" ", (t[0] or t[1]).strip()).replace(" ", r"\s+")
-            for t in findterms(self.match)
+            for t in findterms(match)
         ]
 
     def save(self, *args, **kwargs):