diff --git a/download_loooooops.py b/download_loooooops.py
index 71ecc77..4f9ccbc 100755
--- a/download_loooooops.py
+++ b/download_loooooops.py
@@ -9,7 +9,9 @@ from urllib.parse import urlparse
 #   remote_url
 #   description
 
-output_dir = "loooooops"
+year = "2022"
+
+output_dir = os.path.join("loooooops", year)
 
 bitrate = "128k"
 
@@ -88,7 +90,7 @@ for collection in data:
                 i['created_at'][:-1]).astimezone(
                 datetime.timezone.utc)
 
-            if creation_date.strftime('%Y') == "2022": #we only take entries from this year
+            if creation_date.strftime('%Y') == year: #we only take entries from this year
                 stuff = {}
                 stuff["url"] = i["url"]
                 stuff["description"] = i["content"]
@@ -119,6 +121,7 @@ for l in looooops:
 
 # Once we've done everythin we generate a playlist and ask ezstream
 # to reload it
-os.system('find . -iname "*opus" > playlist_loooooops.m3u'\
-    '&& kill -s HUP `pidof ezstream`')
-
+# this is not an injection vulnerability as output_dir is under
+# our control
+os.system('find {} -iname "*opus" > playlist_loooooops.m3u'\
+    '&& kill -s HUP `pidof ezstream`'.format(output_dir))