Don't read arbitrary files from doc directory

Exposing all the files in doc directory is not a safe thing to do. It is
best to let only intended file to be read and displayed.

modules/help/urls.py

@@ -30,5 +30,5 @@ urlpatterns = patterns(  # pylint: disable-msg=C0103
     url(r'^help/$', 'index', name='index'),
     url(r'^help/index/$', 'index', name='index_explicit'),
     url(r'^help/about/$', 'about', name='about'),
-    url(r'^help/page/([\w]+)/$', 'helppage', name='helppage'),
+    url(r'^help/page/(plinth|hacking|faq)/$', 'helppage', name='helppage'),
 )