diff --git a/codepot/src/codepot/controllers/issue.php b/codepot/src/codepot/controllers/issue.php
index 7c0b52fa..c77a9773 100644
--- a/codepot/src/codepot/controllers/issue.php
+++ b/codepot/src/codepot/controllers/issue.php
@@ -545,11 +545,13 @@ DEPRECATED
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
-			{
-				$status = "error - not a member {$login['id']}";
-			}
+			// By default, any logged-in user can create an issue.
+			// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
+			//else if (!$login['sysadmin?'] && 
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//{
+			//	$status = "error - not a member {$login['id']}";
+			//}
 			else
 			{
 				$issue = new stdClass();
@@ -629,7 +631,7 @@ DEPRECATED
 		print $status;
 	}
 
-	function xhr_update ($projectid = '')
+	function xhr_update ($projectid = '', $issueid = '')
 	{
 		$this->load->model ('ProjectModel', 'projects');
 		$this->load->model ('IssueModel', 'issues');
@@ -644,6 +646,8 @@ DEPRECATED
 		}
 		else
 		{
+			$issueid = $this->converter->HexToAscii ($issueid);
+
 			$project = $this->projects->get ($projectid);
 			if ($project === FALSE)
 			{
@@ -653,16 +657,20 @@ DEPRECATED
 			{
 				$status = "error - no such project {$projectid}";
 			}
+			// By default, any logged-in user can edit an issue text.
+			// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
 			else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
+			         ($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
+			         $login['id'] != $issue->createdby)
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - not a member nor a creator - {$login['id']}";
 			}
 			else
 			{
 				$issue = new stdClass();
 				$issue->projectid = $projectid;
-				$issue->id = $this->input->post('issue_edit_id');
+				$issue->id = $issueid;
 				$issue->summary = $this->input->post('issue_edit_summary');
 				$issue->description = $this->input->post('issue_edit_description');
 				//$issue->type = $this->input->post('issue_edit_type');
@@ -733,7 +741,7 @@ DEPRECATED
 			else
 			{
 				$post_delete_confirm = $this->input->post('issue_delete_confirm');
-				
+
 				if ($post_delete_confirm !== FALSE && $post_delete_confirm == 'Y')
 				{
 					if ($this->issues->deleteWithFiles ($login['id'], $projectid, $issueid) === FALSE)
@@ -781,10 +789,14 @@ DEPRECATED
 			{
 				$status = "error - no such project {$projectid}";
 			}
+			// By default, any logged-in user can attach a file to an issue body.
+			// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
 			else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
+			         ($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
+			         $login['id'] != $issue->createdby)
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - not a member nor a creator - {$login['id']}";
 			}
 			else
 			{
@@ -798,7 +810,7 @@ DEPRECATED
 					$fid = "issue_add_file_{$i}";
 					if (array_key_exists($fid, $_FILES) && $_FILES[$fid]['name'] != '')
 					{
-						$d = $this->input->post("file_add_file_desc_{$i}");
+						$d = $this->input->post("issue_add_file_desc_{$i}");
 						if ($d === FALSE || ($d = trim($d)) == '') $d = ''; 
 
 						if (strpos($_FILES[$fid]['name'], ':') !== FALSE ||
@@ -859,10 +871,14 @@ DEPRECATED
 			{
 				$status = "error - no such project {$projectid}";
 			}
+			// By default, any logged-in user can edit attached files.
+			// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
 			else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
+			         ($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
+			         $login['id'] != $issue->createdby)
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - not a member nor a creator - {$login['id']}";
 			}
 			else
 			{
diff --git a/codepot/src/codepot/models/issuemodel.php b/codepot/src/codepot/models/issuemodel.php
index 5e4c160c..7bd704e9 100644
--- a/codepot/src/codepot/models/issuemodel.php
+++ b/codepot/src/codepot/models/issuemodel.php
@@ -593,6 +593,8 @@ class IssueModel extends Model
 	function updateSummaryAndDescription ($userid, $issue)
 	{
 		// TODO: check if userid can do this..
+		$this->db->trans_begin (); // manual transaction. not using trans_start().
+
 		$this->db->trans_start ();
 		$this->db->where ('projectid', $issue->projectid);
 		$this->db->where ('id', $issue->id);
@@ -601,6 +603,12 @@ class IssueModel extends Model
 		$this->db->set ('updatedon', date('Y-m-d H:i:s'));
 		$this->db->set ('updatedby', $userid);
 		$this->db->update ('issue');
+		if ($this->db->trans_status() === FALSE)
+		{
+			$this->errmsg = $this->db->_error_message(); 
+			$this->db->trans_rollback ();
+			return FALSE;
+		}
 
 		$this->db->set ('createdon', date('Y-m-d H:i:s'));
 		$this->db->set ('type',      'issue');
@@ -609,10 +617,14 @@ class IssueModel extends Model
 		$this->db->set ('userid',    $userid);
 		$this->db->set ('message',   $issue->id);
 		$this->db->insert ('log');
+		if ($this->db->trans_status() === FALSE)
+		{
+			$this->errmsg = $this->db->_error_message(); 
+			$this->db->trans_rollback ();
+			return FALSE;
+		}
 
-		$this->db->trans_complete ();
-		if ($this->db->trans_status() === FALSE) return FALSE;
-
+		$this->db->trans_commit ();
 		return $issue->id;
 	}
 
diff --git a/codepot/src/codepot/views/issue_show.php b/codepot/src/codepot/views/issue_show.php
index 37df7027..55e807da 100644
--- a/codepot/src/codepot/views/issue_show.php
+++ b/codepot/src/codepot/views/issue_show.php
@@ -234,13 +234,12 @@ $(function () {
 
 						var form_data = new FormData();
 
-						form_data.append ('issue_edit_id', '<?php print $issue->id; ?>');
 						form_data.append ('issue_edit_summary', $('#issue_show_mainarea_edit_summary').val());
 						form_data.append ('issue_edit_description', $('#issue_show_mainarea_edit_description').val());
 
 						$('#issue_show_mainarea_edit_form').dialog('disable');
 						$.ajax({
-							url: codepot_merge_path('<?php print site_url() ?>', '<?php print "/issue/xhr_update/{$project->id}"; ?>'),
+							url: codepot_merge_path('<?php print site_url() ?>', '<?php print "/issue/xhr_update/{$project->id}/{$hex_issue_id}"; ?>'),
 							type: 'POST',
 							data: form_data,
 							mimeType: 'multipart/form-data',
@@ -787,7 +786,7 @@ $this->load->view (
 			htmlspecialchars($f->filename)
 		);
 
-		if (!empty($f->description)) printf ('- %s', htmlspecialchars($f->description));
+		if (!empty($f->description)) printf (' - %s', htmlspecialchars($f->description));
 		print '</li>';
 	}
 ?>