I ran into a bug with securepages 6.x-1.x-dev on Debian 4 with PHP 4.4.8 and Apache 2.0.54 regarding $_SERVER['HTTP_HOST'] containing the port number. I was unable to switch this to PHP 5 to test.

What happens:
When switching to a secure page, the redirect works as expected from, say, http://example.com/admin to https://example.com/admin. When navigating from a secure page to a non-secure page, a redirect loop would develop. For example, clicking on a link to https://example.com (a non-secured page) from https://example.com/admin.

Why:
For some reason I kept getting referred back to https://example.com, which would attempt to redirect to the non-secure version, but the redirect would actually issue for https://example.com, not http. Through some debugging I discovered that securepages_get_destination() was returning http://example.com:443/, which the browser would always interpret as https://example.com (or Apache, I'm not sure here...). This is because $_SERVER['HTTP_HOST'] was always returning the host with the port number. The regex that makes the actual switch in securepages_get_destination() does not filter the port number out of $url, and the end result was a redirect loop.

My fix:
The obvious temporary fix was to make sure that the port number was stripped from $url before returning it to securepages_goto(). To do that I added the following line in the middle of securepages_get_destination() (see patch):

$url = str_replace(':443', '', $url);

I'd like to know your thoughts on this, to find out whether this is a PHP 4 bug or something you would consider for securepages. This doesn't seem to affect the ability to redirect to https when necessary, although that may not be the case for all browsers/web servers.

Attachment: bad_server_http_host.patch (386 bytes), by mikey_p
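The port problem described above, as an added example that is not code from securepages or from the reporter's patch. It splits $_SERVER['HTTP_HOST'] into host and port, discards the port (which belongs to the scheme the request arrived on, not the one being redirected to), and takes the target port from configuration, so the fix does not depend on a literal ":443" string and also covers sites on non-standard ports. The function names (sp_example_*), the $allowed_hosts list and the $http_port/$https_port settings are assumptions for illustration. The allowlist is there because the Host header is chosen by the client: a redirect target built from an unchecked HTTP_HOST would let a crafted request pick the host that ends up in the Location header. Written for PHP 5 and later.

```php
<?php
// Added example, not code from the securepages module. Written for PHP 5+.
// Builds a scheme-switch redirect target from $_SERVER['HTTP_HOST'] without
// carrying the current port (":443") into the http:// destination, and
// without trusting the client-supplied Host header blindly.

/**
 * Split a Host header value into (host, port). Handles "example.com",
 * "example.com:443" and bracketed IPv6 such as "[::1]:8443".
 * Returns array(NULL, NULL) for anything that does not look like a host.
 */
function sp_example_split_host($http_host) {
  if (preg_match('/^(\[[0-9a-fA-F:.]+\]|[^:\/\[\]\s]+)(?::(\d{1,5}))?$/', $http_host, $m)) {
    return array($m[1], isset($m[2]) ? (int) $m[2] : NULL);
  }
  return array(NULL, NULL);
}

/**
 * Build the destination for a redirect to the other scheme.
 *
 * The port found in HTTP_HOST belongs to the scheme the request arrived on,
 * so it is discarded; the target port comes from configuration ($http_port /
 * $https_port, assumed settings) and is only emitted when non-default.
 * $allowed_hosts is also an assumed setting: Host is chosen by the client, so
 * an unchecked value would let a crafted request steer the Location header.
 */
function sp_example_destination($http_host, $path, $secure, array $allowed_hosts, $http_port = 80, $https_port = 443) {
  list($host, $port) = sp_example_split_host($http_host);
  if ($host === NULL || !in_array(strtolower($host), $allowed_hosts, TRUE)) {
    return FALSE;
  }
  // Only a local absolute path is acceptable; "//other.host/" would be read
  // by browsers as a protocol-relative URL pointing at another host.
  if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '//') {
    return FALSE;
  }
  $scheme      = $secure ? 'https' : 'http';
  $target_port = $secure ? (int) $https_port : (int) $http_port;
  $default     = $secure ? 443 : 80;
  $authority   = $host . ($target_port === $default ? '' : ':' . $target_port);
  return $scheme . '://' . $authority . $path;
}

// Constructed inputs reproducing the report: on the affected setup HTTP_HOST
// arrives as "example.com:443" for an https request.
$allowed = array('example.com');

// Leaving the secure admin page for the front page: no ":443" survives.
echo sp_example_destination('example.com:443', '/', FALSE, $allowed), "\n";

// Entering a secure page from plain http.
echo sp_example_destination('example.com', '/admin', TRUE, $allowed), "\n";

// A site listening on non-standard ports keeps the configured target port.
echo sp_example_destination('example.com:8443', '/', FALSE, $allowed, 8080, 8443), "\n";

// A Host header the site does not own is refused rather than echoed back.
var_dump(sp_example_destination('attacker.example.net', '/', TRUE, $allowed));
```

The first call is the case from the report: the incoming "example.com:443" produces a plain http://example.com/ destination, so the browser is not sent back to the TLS port. Whatever the module does with the result, the two checks worth keeping are the host allowlist and the local-path test, since both inputs to the redirect come from the request.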

Comments

gordon

Status: Needs review » Fixed

I have finished re-porting this version of securepages. Please recheck this issue and see if it is still an issue.

mikey_p

Thanks, dev does not have this problem anymore.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.