diff --git a/public_html/wp-content/plugins/camptix/addons/require-login.php b/public_html/wp-content/plugins/camptix/addons/require-login.php index 8e64b566c7..d78e7b78ec 100644 --- a/public_html/wp-content/plugins/camptix/addons/require-login.php +++ b/public_html/wp-content/plugins/camptix/addons/require-login.php @@ -94,20 +94,40 @@ public function block_unauthenticated_actions() { * @param array $request_data Array of request data to sanitize. * @return array Sanitized parameters. */ - private function get_sanitized_tix_parameters( $request_data ) { + private function get_sanitized_tix_parameters( array $request_data ): array { $allowed_parameters = array( - 'tix_action' => 'text', - 'tix_tickets_selected' => 'int', - 'tix_coupon' => 'text', - 'tix_attendee_id' => 'int', - 'tix_edit_token' => 'text', - 'tix_access_token' => 'text', + 'tix_action' => 'text', + 'tix_tickets_selected' => 'array_int', + 'tix_errors' => 'array_str', + 'tix_coupon' => 'text', + 'tix_attendee_id' => 'int', + 'tix_edit_token' => 'text', + 'tix_access_token' => 'text', + 'tix_reservation_id' => 'text', + 'tix_reservation_token' => 'text', + 'tix_single_ticket_purchase' => 'text', ); $args = array(); foreach ( $allowed_parameters as $key => $type ) { if ( isset( $request_data[ $key ] ) ) { switch ( $type ) { + case 'array_int': + if ( is_array( $request_data[ $key ] ) ) { + $args[ $key ] = array_map( 'absint', $request_data[ $key ] ); + } else { + $args[ $key ] = array( absint( $request_data[ $key ] ) ); + } + break; + + case 'array_str': + if ( is_array( $request_data[ $key ] ) ) { + $args[ $key ] = array_map( 'sanitize_text_field', $request_data[ $key ] ); + } else { + $args[ $key ] = array( sanitize_text_field( $request_data[ $key ] ) ); + } + break; + case 'int': $args[ $key ] = absint( $request_data[ $key ] ); break; 
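Review bot: The new `array_int` branch sanitizes values only: `array_map( 'absint', ... )` passes the request-supplied array keys through unchanged, and a nested array element is coerced rather than rejected (`absint` casts a non-empty array to `1` and an empty one to `0`), so `tix_tickets_selected[x][]=y` survives as an integer-looking entry. If whatever consumes this array keys on ticket IDs (not shown in the hunk) the keys need the same treatment; either way non-scalar elements should be dropped before the map, e.g. `$values = is_array( $request_data[ $key ] ) ? $request_data[ $key ] : array( $request_data[ $key ] );` followed by `$args[ $key ] = array_map( 'absint', array_filter( $values, 'is_scalar' ) );`. The same applies to `array_str`, where `sanitize_text_field` on a nested array yields an empty string (current WordPress) instead of removing the entry. `tix_reservation_id` is registered as `'text'` here while the new `Camptix_Actions::get_allowed_parameters()` in this same commit maps it to an integer sanitizer — the two allow-lists should agree on the type. The `switch` and `get_sanitized_tix_parameters()` continue past the end of the hunk.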
diff --git a/public_html/wp-content/plugins/camptix/inc/class-camptix-actions.php b/public_html/wp-content/plugins/camptix/inc/class-camptix-actions.php new file mode 100644 index 0000000000..ecff483947 --- /dev/null +++ b/public_html/wp-content/plugins/camptix/inc/class-camptix-actions.php @@ -0,0 +1,80 @@ +type = $type; + $this->sanitizer = $sanitizer; + } + + public static function TEXT(): self { + return new self( 'text', fn( $value ) => sanitize_text_field( $value ) ); + } + + public static function INTEGER(): self { + return new self( 'int', fn( $value ) => absint( $value ) ); + } + + public static function ARRAY_INTEGER(): self { + return new self( 'array_int', fn( $value ) => is_array( $value ) + ? array_map( 'absint', $value ) + : array( absint( $value ) ) + ); + } + + public static function ARRAY_STR(): self { + return new self( 'array_str', fn( $value ) => is_array( $value ) + ? array_map( 'sanitize_text_field', $value ) + : array( sanitize_text_field( $value ) ) + ); + } + + public static function get_allowed_parameters(): array { + return [ + self::TICKET_ACTION => self::TEXT(), + self::TICKETS_SELECTED => self::ARRAY_INTEGER(), + self::COUPON => self::TEXT(), + self::ATTENDEE_ID => self::INTEGER(), + self::EDIT_TOKEN => self::TEXT(), + self::ACCESS_TOKEN => self::TEXT(), + self::RESERVATION_ID => self::INTEGER(), + self::RESERVATION_TOKEN => self::TEXT(), + self::ERRORS => self::ARRAY_STR(), + ]; + } + + public function get_type(): string { + return $this->type; + } + + public function sanitize( $value ) { + return call_user_func( $this->sanitizer, $value ); + } +} diff --git a/public_html/wp-content/plugins/camptix/tests/inc/test-class-camptix-actions.php b/public_html/wp-content/plugins/camptix/tests/inc/test-class-camptix-actions.php new file mode 100644 index 0000000000..05e5d65d74 --- /dev/null +++ b/public_html/wp-content/plugins/camptix/tests/inc/test-class-camptix-actions.php 
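Review bot: `get_allowed_parameters()` maps `RESERVATION_ID` to `INTEGER()`, whereas the require-login.php change in this commit sanitizes `tix_reservation_id` as text; if reservation ids can be non-numeric strings, `absint` here collapses them to `0`, so one of the two mappings is wrong and the intended type should be documented on the constant. `SINGLE_TICKET_PURCHASE` is declared (the new test asserts its value) and sits in the require-login allow-list, but is absent from `get_allowed_parameters()`, so any caller that switches to this class silently drops that parameter. `ARRAY_INTEGER()` and `ARRAY_STR()` sanitize values only: `array_map` keeps the request-supplied keys as-is and nested arrays are coerced rather than rejected (`absint` of a non-empty array is `1`), so filter with `array_filter( $value, 'is_scalar' )` before mapping. `sanitize()` can invoke the closure directly, `return ( $this->sanitizer )( $value );`, instead of `call_user_func`. The class header, constants and property declarations at the top of the hunk are not legible in this view.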
@@ -0,0 +1,39 @@ +assertSame( 'tix_action', Camptix_Actions::TICKET_ACTION ); + $this->assertSame( 'tix_coupon', Camptix_Actions::COUPON ); + $this->assertSame( 'tix_single_ticket_purchase', Camptix_Actions::SINGLE_TICKET_PURCHASE ); + $this->assertSame( 'tix_tickets_selected', Camptix_Actions::TICKETS_SELECTED ); + $this->assertSame( 'tix_attendee_id', Camptix_Actions::ATTENDEE_ID ); + $this->assertSame( 'tix_edit_token', Camptix_Actions::EDIT_TOKEN ); + $this->assertSame( 'tix_access_token', Camptix_Actions::ACCESS_TOKEN ); + $this->assertSame( 'tix_reservation_id', Camptix_Actions::RESERVATION_ID ); + $this->assertSame( 'tix_reservation_token', Camptix_Actions::RESERVATION_TOKEN ); + $this->assertSame( 'tix_errors', Camptix_Actions::ERRORS ); + } + + public function testGetAllowedParameters() { + $parameters = Camptix_Actions::get_allowed_parameters(); + + // Check the keys and their associated types + $this->assertArrayHasKey( Camptix_Actions::TICKET_ACTION, $parameters ); + $this->assertInstanceOf( Camptix_Actions::class, $parameters[ Camptix_Actions::TICKET_ACTION ] ); + + $this->assertArrayHasKey( Camptix_Actions::TICKETS_SELECTED, $parameters ); + $this->assertInstanceOf( Camptix_Actions::class, $parameters[ Camptix_Actions::TICKETS_SELECTED ] ); + + // More assertions for each expected key + $this->assertArrayHasKey( Camptix_Actions::COUPON, $parameters ); + $this->assertArrayHasKey( Camptix_Actions::ATTENDEE_ID, $parameters ); + $this->assertArrayHasKey( Camptix_Actions::EDIT_TOKEN, $parameters ); + $this->assertArrayHasKey( Camptix_Actions::ACCESS_TOKEN, $parameters ); + $this->assertArrayHasKey( Camptix_Actions::RESERVATION_ID, $parameters ); + $this->assertArrayHasKey( Camptix_Actions::RESERVATION_TOKEN, $parameters ); + $this->assertArrayHasKey( Camptix_Actions::ERRORS, $parameters ); + } +}
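Review bot: `testGetAllowedParameters` only checks that each key exists and holds a `Camptix_Actions` instance; it never pins the type or the sanitizer behaviour, so a wrong mapping (for example `RESERVATION_ID` being integer while the other allow-list in this commit treats it as text) still passes. Add assertions such as `$this->assertSame( 'array_int', $parameters[ Camptix_Actions::TICKETS_SELECTED ]->get_type() );` and a direct behavioural check like `$this->assertSame( array( 3, 0 ), $parameters[ Camptix_Actions::TICKETS_SELECTED ]->sanitize( array( '3', 'abc' ) ) );`, plus a case with a nested-array element to fix the intended handling. The test also does not assert that `SINGLE_TICKET_PURCHASE` is present in the allow-list, which is exactly the constant the constants test covers but `get_allowed_parameters()` omits. The test class header and the opening of the first test method are not visible in this view.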