The global file-extension blacklist uses two different strings to identify the real extension of the file (the last .xxx at the end of the filename) and the extension that throws an error (it inexplicably checks for all 'extension' substrings in the filename, so that hello.py.zip.txt will have py, txt, and zip all checked for a blacklist match).
This should perhaps be two bugs; the most immediate is that the error thrown on the above file could be ".txt is not an allowed extension" when it is actually choking on ".py"
The second is that I can't see why extensions other than the final one should be blacklisted in the first place.
Version: 1.20.x
Severity: minor