Make flask_wtf.file.FileAllowed to allow passing composite file extensions as a upload_set tuple/list

[ssato]

(Excuse me to open this as an issue rather than PR.)

flask_wtf.file.FileAllowed only check a file extension at the end of filename currently
(https://github.com/lepture/flask-wtf/blob/master/flask_wtf/file.py#L67)
as filename.rsplit('.', 1)[-1] only returns that like this:

>>> filename = "file.tar.gz"; filename.rsplit('.', 1)[-1]
'gz'

I guess a kind of following change enables passing composite extensions list
as a upload_set list/tuple, such as "tar.xz", "sh.gz", etc.

--- flask_wtf/file.py.org   2015-09-30 21:00:21.949896935 +0900
+++ flask_wtf/file.py   2015-09-30 21:02:43.518758529 +0900
@@ -64,11 +64,10 @@
         filename = field.data.filename.lower()

         if isinstance(self.upload_set, (tuple, list)):
-            ext = filename.rsplit('.', 1)[-1]
-            if ext in self.upload_set:
+            if any(filename.endswith('.' + x) for x in self.upload_set):
                 return
-            message = '{} is not in the allowed extentions: {}'.format(
-                ext, self.upload_set)
+            message = 'File does not end with any of the allowed extentions: {}'.format(
+                self.upload_set)
             raise StopValidation(self.message or message)

         if not self.upload_set.file_allowed(field.data, filename):

[lepture]

Thanks. Applied changes.