diff --git a/src/main.rs b/src/main.rs
index 8fdf50c..ef9aa7a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -203,7 +203,11 @@ async fn stream_video(
 let playlist = &path.path;
 println!("Playlist: {}", playlist);
- if let Ok(file) = NamedFile::open(playlist) {
+ // Extract video playlist dir to dotenv
+ if !playlist.starts_with("tmp") || playlist.contains("..") {
+ HttpResponse::NotFound().finish()
+ }
+ else if let Ok(file) = NamedFile::open(playlist) {
 file.into_response(&request).unwrap()
 } else {
 HttpResponse::NotFound().finish()
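Review bot: The new guard `!playlist.starts_with("tmp")` is a string-prefix test, so a request path such as `tmpfoo/x` or `tmp_backup/x` still reaches `NamedFile::open` even though it lies outside the `tmp` directory. Comparing path components closes that gap: `let p = std::path::Path::new(playlist);` followed by `if !p.starts_with("tmp") || p.components().any(|c| matches!(c, std::path::Component::ParentDir)) {`, which also stops rejecting legitimate file names that merely contain two dots. Neither form resolves symlinks inside `tmp`, so if that directory can hold links, canonicalising the path and checking it against the canonical base directory would be the stricter check. The added comment reads as a to-do rather than a description of the guard; something like `// Only serve files under tmp/ and reject parent-directory segments. TODO: read the directory from .env` would tell the next reader why the check exists. The body of `stream_video` starts and ends outside this hunk, so how `path.path` is decoded before this point is not visible here.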