As I show below, I expect file_get_contents($file); is a bad idea and require($file); is worse.
How can I ensure that $file cannot be modified by the user other than as intended (by "intended", I mean no .. or anything which would change the path)?
$file=dirname(__DIR__).'/components/'.$_GET['cid'].'/validate/'.$_GET['page'].'.json';
$json=file_get_contents($file);
require($file);
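
One way to constrain the path, as an added example that is not part of the original post: allowlist both parameters, canonicalise the result with realpath(), and confirm it is still inside the components directory before reading it as data. The helper name resolveValidationFile(), the throwaway directory tree and the use of PHP 8 are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Resolve components/<cid>/validate/<page>.json under $baseDir, or return null.
 * resolveValidationFile() is a hypothetical helper name, not from the post.
 */
function resolveValidationFile(string $baseDir, mixed $cid, mixed $page): ?string
{
    // 1. Allowlist: query parameters can arrive as arrays, so require strings,
    //    then permit only characters that cannot form "..", "/", "\" or a NUL byte.
    foreach ([$cid, $page] as $part) {
        if (!is_string($part) || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $part) !== 1) {
            return null;
        }
    }

    // 2. Canonicalise: realpath() resolves symlinks and returns false if the file is missing.
    $root = realpath($baseDir . '/components');
    $real = realpath($baseDir . "/components/$cid/validate/$page.json");
    if ($root === false || $real === false) {
        return null;
    }

    // 3. Containment: the resolved path must still sit under the components root.
    if (!str_starts_with($real, $root . DIRECTORY_SEPARATOR) || !is_file($real)) {
        return null;
    }
    return $real;
}

// Constructed demo: build a throwaway tree, then try valid and hostile inputs.
$base = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$base/components/cart/validate", 0700, true);
file_put_contents("$base/components/cart/validate/step1.json", '{"required":["email"]}');

$cases = [['cart', 'step1'], ['..', 'step1'], ['cart', '../../other'], [['x'], 'step1'], ['cart', 'missing']];
foreach ($cases as [$cid, $page]) {
    $path = resolveValidationFile($base, $cid, $page);
    // Treat the file as data: decode it, never require() a request-derived path.
    $data = $path === null ? null : json_decode(file_get_contents($path), true, 16, JSON_THROW_ON_ERROR);
    printf("%-28s => %s\n", json_encode([$cid, $page]), $data === null ? 'rejected' : json_encode($data));
}
```

The allowlist alone already rejects `..` and path separators; the realpath() containment check additionally covers symlinks placed inside the components tree.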