my PAGE navigation code

notset

if (!isset($_GET['p']) || empty($_GET['p'])) {
  $module = $settings['default_page'];
}
else {
  $page = str_replace(array('.','/'), '', strtolower(urlencode($_GET['p'])));
  list($module,$action) = (strpos($page, '-')) ? explode('-', $page) : list($page,'');
  if (!is_dir(MOD_PATH.'/'.$module)) {
    $module = $settings['default_page'];
  }
}

Site URL example:

www.site.com/?p=account-edit

'account' is a module ($module). Every module has a directory in the MOD_PATH.

Is code safe enough? Maybe there are some bugs which could use hackers? Is enought to strip '.' and '/' symbols from $_GET['p'] before checking the directory?
Maybe i use functions which are not useful or uses much resources? Maybe i can replace it with better functions?

Thank's

Weedpacket

Why not just maintain a list of pages they are allowed to view, and only allow them to view those pages?