Assuming $from_page is a string value and not an array or object, sanitize_key() should do the trick, it allows only a-z0-9_- and I believe is used for permalink.
$cookiename = sanitize_key( 'unrestrict_'.$from_page );
setcookie( cookiename, 1 ...
there’s a whole bunch of wordpress sanitizing functions, reference available in the docs.