diff --git a/readme.md b/readme.md
index ffaa2c7..5919786 100644
--- a/readme.md
+++ b/readme.md
@@ -50,6 +50,7 @@ Showing the Materialish theme, library view, and playlist editor
 * Download Player
 * Download videos, such as from YouTube, straight to the music library
 * Update music database
+* Basic album art detection (setting "library" in config.cfg)
 * Basic mobile support
 * Basic theming support
 * Library searching
diff --git a/server.js b/server.js
index a12f142..6a0a4e2 100755
--- a/server.js
+++ b/server.js
@@ -72,13 +72,22 @@ function getHostname(ip, callback) {
 }
 var downloader = {
- // some of these settings get set in config.json
+ // some of these settings get set in config.cfg
 enabled: true,
 directory: 'Downloads',
 keepVideo: false,
 // TODO check if file already exists
 download: function (url, location, address, socket) {
+ if (location.includes('..')) {
+ console.log(address + " tried to access " + location + "!");
+ socket.send(JSON.stringify({
+ 'type': 'downloader-status',
+ 'info': 'You cannot have ".." in the location!'
+ }));
+ return;
+ }
+
 location = downloader.getLocation(location);
 socket.send(JSON.stringify({
diff --git a/src/socket.js b/src/socket.js
index 4296ac9..862277f 100644
--- a/src/socket.js
+++ b/src/socket.js
@@ -86,7 +86,7 @@ socket.onmessage = function (event) {
 case 'init':
 mpcp.playlist.updateTitle(msg['playlist-title']);
 mpcp.vote.enabled = msg['song-vote'];
- if (msg['downloader-enabled'] == 'true')
+ if (msg['downloader-enabled'])
 mpcp.downloader.init(msg['downloader-location']);
 mpcp.utils.setCurrentAlbumArt(msg['album-art']);
 initAfterConnection();
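Review bot: In the server.js hunk, the new guard at the top of `download` calls `location.includes('..')` without first checking that `location` is a string; if the value arrives straight from a parsed socket message (the caller is outside the hunk), an array passes the test because `Array.prototype.includes` compares whole elements, and a missing or numeric value throws. I would tighten the condition to `if (typeof location !== 'string' || location.includes('..')) {` and log the value as `JSON.stringify(location)` so a client-supplied string cannot put line breaks into the console log. A substring test also says nothing about absolute paths; whether those are contained depends on `downloader.getLocation`, which is not visible here, so checking that the resolved result stays under `downloader.directory` would be the more reliable guard. The body of `download` continues past the end of the hunk.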
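Review bot: In the src/socket.js hunk, `if (msg['downloader-enabled'])` accepts any truthy value, so if some code path still sends the flag as the string `'false'` (the old comparison suggests it was once a string), the downloader UI would be initialised while the feature is off. `if (msg['downloader-enabled'] === true)` pins the expected boolean. This only gates the client UI, so the server-side `download` handler should check `downloader.enabled` itself; whether it does is not visible in this diff. The `onmessage` handler starts and ends outside the hunk.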