Security bug 1944979: Able to create a transversible help path

To get to files outside the webroot
These files will need to be .html files for the exploit to work

This patch tries to find the real path for the file and checks to make
sure it's within the webroot and contains 'help/page/' as part of it's
path.

Change-Id: I1c782f2a63e93b7da30ad62cb0acddab8dd75497
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 4b9a1ebc)