saguaroib / saguaro

saguaro imgboard software

Security improved, allow edit boardlist/news from panel #175

Closed Apogate closed 8 years ago

Apogate commented 8 years ago

This is a second, more secure attempt at 1b06552df7e449f91c26772127295c3764f6aa1c

@RePod, is this SECURE enough for you?

It strips PHP opening tags and is hardcoded as to what files newsGetFile() can access.

RePod commented 8 years ago

Reiterating my previous comment:

News->newsGetFile() is still insecure, but slightly better. If it's only used by that class, make it private. Was looking at an old commit.

Also, redundant function names. If it's the News class why do function names start with news?

Apogate commented 8 years ago

For educational purposes, what about it is still insecure?

I thought if file_get_contents is only permitted to access the two files and the function isn't accessible anywhere else, we'd be set?
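The two controls described above (a hardcoded list of files the accessor may touch, and a refusal of PHP open tags) together with RePod's "make it private" point, as an added example written for this thread. This is not saguaro's code and not a description of a defect in it (the thread never says what RePod had in mind); `NewsStore`, the file keys, the `data/` paths and `naiveStrip` are hypothetical. It shows how to keep the allowlist lookup private, reject rather than strip every open-tag form, and emit the file with `echo` so that the stored text is data and never reaches `include()`.

```php
<?php
declare(strict_types=1);

// Added example, not saguaro's own code. NewsStore, the keys and the
// paths under data/ are hypothetical.

final class NewsStore
{
    // Hardcoded allowlist: callers name a key, never a path, so no request
    // value is ever joined into a filesystem path.
    private const FILES = [
        'news'      => __DIR__ . '/data/news.html',
        'boardlist' => __DIR__ . '/data/boardlist.html',
    ];

    // Every form PHP has treated as an open tag: <?php, the short tag <?,
    // the echo tag <?=, and the ASP-style <% and <script language="php">
    // forms that PHP 5 still honoured. Content is rejected, not stripped.
    // (<?xml is rejected too; admin news HTML has no need for it, and with
    // short_open_tag=On PHP would treat it as an open tag anyway.)
    private const OPEN_TAG = '/<\?|<%|<script\b[^>]*\blanguage\s*=\s*["\']?php/i';

    // Only this class resolves a key to a path (the "make it private" point).
    private static function pathFor(string $key): string
    {
        if (!array_key_exists($key, self::FILES)) {
            throw new InvalidArgumentException("unknown news file: $key");
        }
        return self::FILES[$key];
    }

    public static function containsPhpTag(string $content): bool
    {
        return preg_match(self::OPEN_TAG, $content) === 1;
    }

    public static function read(string $key): string
    {
        $path = self::pathFor($key);
        return is_file($path) ? (string) file_get_contents($path) : '';
    }

    public static function write(string $key, string $content): void
    {
        if (self::containsPhpTag($content)) {
            throw new InvalidArgumentException("refusing to save $key: PHP open tag present");
        }
        $path = self::pathFor($key);
        if (!is_dir(dirname($path))) {
            mkdir(dirname($path), 0750, true);
        }
        if (file_put_contents($path, $content, LOCK_EX) === false) {
            throw new RuntimeException("write failed: $path");
        }
    }

    // Emit the stored text with echo, never include(): a tag that somehow
    // slipped past the check above is inert text rather than executed code.
    public static function render(string $key): void
    {
        echo self::read($key);
    }
}

// Illustration only: a single-pass strip is not a robust filter, because
// removing "<?php" once from "<?<?phpphp" reassembles "<?php".
function naiveStrip(string $content): string
{
    return str_replace('<?php', '', $content);
}

// Demo on constructed input.
$nested = '<?<?phpphp echo "x"; ?>';
echo naiveStrip($nested), PHP_EOL;
var_dump(NewsStore::containsPhpTag($nested));
var_dump(NewsStore::containsPhpTag('<?= $x ?>'));
var_dump(NewsStore::containsPhpTag('<b>Maintenance tonight</b>'));

NewsStore::write('news', '<b>Maintenance tonight</b>');
NewsStore::render('news');
echo PHP_EOL;
try {
    NewsStore::read('../config.php');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Run it with `php` from a directory where `data/` may be created. The allowlist answers the path question from the comment above: a key that is not in `FILES` throws before any filesystem call, so there is nothing for a traversal string to reach. The tag check is the separate concern; the design choice is to refuse the save outright, since any strip-based filter has to anticipate every tag spelling and every way a single pass can leave a tag behind, whereas a rejected save costs the admin one retry. Serving the file with `echo` rather than `include()` makes the tag check defence in depth instead of the only line.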

RePod commented 8 years ago

It's spooky.

Apogate commented 8 years ago

happy halloween