Escape user-provided text passed to regex

Rather than using the user/document-provided values directly, we instead
escape them to use them verbatim.

This fixes issue #568.

Author: pitkley

src/documents/models.py

@@ -141,7 +141,9 @@ def _split_match(self):
         findterms = re.compile(r'"([^"]+)"|(\S+)').findall
         normspace = re.compile(r"\s+").sub
         return [
-            normspace(" ", (t[0] or t[1]).strip()).replace(" ", r"\s+")
+            re.escape(
+                normspace(" ", (t[0] or t[1]).strip())
+            ).replace(r"\ ", "\s+")
             for t in findterms(self.match)
         ]