-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Steve Summit:
I had an idea that the edit token was basically the revision id and that it could therefore be easily faked; though I'm not sure that was a valid assumption.)
the edit token is a secret value associated with the logged in user's session, *not* with the page being edited.
once a user logs in, the token is the same for all pages (and all revisions) that user edits. if they log out and in again, the token will change.
so, this probably won't do what you want. if the token has changed, you won't be able to submit your edit; and even if you do, the token won't prevent you overwriting a later revision.
you would probably do better to use the wpEdittime value, which is the timestamp of the revision being edited. if you submit an edit with the wrong edit time, you will get an edit conflict.
- river.